CN101490689B - Content control system and method using certificate chains - Google Patents

Content control system and method using certificate chains


Publication number: CN101490689B
Application number: CN 200780025848
Other languages: Chinese (zh)
Other versions: CN101490689A (en)
Application filed by: 桑迪士克股份有限公司 (SanDisk Corporation)
Priority: US 60/819,507 (US81950706P); US 11/557,028 (US8140843B2); US 11/557,010 (US20080010449A1); PCT/US2007/015304 (WO2008013656A2)
Publication of application: CN101490689A
Publication of grant: CN101490689B



Consecutive strings of certificates in a certificate chain are received by a memory device sequentially, in the same order in which the strings are verified. Each string except the last may be overwritten by the next one in the sequence.


Method for authenticating an entity by a storage device, and storage device using the method


[0002] This application claims the benefit of U.S. Provisional Application No. US 60/819,507, filed July 7, 2006.

[0003] This application is related to U.S. Application No. 11/313,870, filed December 20, 2005, which claims the benefit of U.S. Provisional Application No. 60/638,804, filed December 21, 2004. This application is further related to U.S. Patent Application No. 11/314,411, filed December 20, 2005; to U.S. Patent Application No. 11/314,410, filed December 20, 2005; to U.S. Patent Application No. 11/313,536, filed December 20, 2005; to U.S. Patent Application No. 11/313,538, filed December 20, 2005; to U.S. Patent Application No. 11/314,055, filed December 20, 2005; to U.S. Patent Application No. 11/314,052, filed December 20, 2005; and to U.S. Patent Application No. 11/314,053, filed December 20, 2005.

[0004] This application is related to the following U.S. applications, each filed November 6, 2006 by Holtzman et al.: U.S. Application No. 11/557,0¾, entitled "Content Control Method Using Certificate Chains"; U.S. Application No. 11/557,010, entitled "Content Control System Using Certificate Chains"; U.S. Application No. 11/557,006, entitled "Content Control Method Using Certificate Revocation Lists"; U.S. Application No. 11/557,026, entitled "Content Control System Using Certificate Revocation Lists"; U.S. Application No. 11/557,049, entitled "Content Control Method Using Versatile Control Structure"; U.S. Application No. 11/557,056, entitled "Content Control System Using Versatile Control Structure"; U.S. Application No. 11/557,052, entitled "Method for Controlling Information Supplied From Memory Device"; U.S. Application No. 11/557,051, entitled "System for Controlling Information Supplied From Memory Device"; U.S. Application No. 11/557,041, entitled "Control Method Using Identity Objects"; and U.S. Application No. 11/557,039, entitled "Control System Using Identity Objects".

[0005] The applications listed above are incorporated herein by reference in their entirety as if fully set forth herein.

Technical Field

[0006] The present invention relates generally to memory systems, and in particular to a memory system with versatile content control features.

Background

[0007] Storage devices such as flash memory cards have become the storage medium of choice for storing digital content such as photographs. Flash memory cards may also be used to distribute other types of media content. Moreover, an increasing variety of host devices, such as computers, digital cameras, cellular telephones, personal digital assistants (PDAs) and media players (e.g., MP3 players), now have the capability of rendering media content stored in flash memory cards. There is thus great potential for flash memory cards, as well as other types of mobile storage devices, to become a widely used vehicle for distributing digital content.

[0008] One of the important concerns of owners and distributors of digital content is that, after the content has been distributed, whether by download from a network such as the Internet or by distribution of content on storage devices, only authorized parties should be allowed to access it. One way to prevent unauthorized access is to use a system for establishing the identity of a party before granting that party access to the content. Systems such as public key infrastructure (PKI) have been developed for this purpose. In a PKI system, a trusted authority known as a certificate authority (CA) issues certificates attesting to the identity of persons and organizations. Parties such as organizations and persons who wish to establish proof of identity may register with the certificate authority, presenting adequate evidence to prove their identities. After the identity of a party has been proven to the CA, the CA issues a certificate to that party. The certificate typically includes the name of the CA that issued the certificate, the name of the party to whom the certificate is issued, the public key of that party, and the public key of that party signed by the CA's private key (typically by encrypting a digest of the public key).

[0009] The private key and the public key of the CA are related such that any data encrypted using the public key can be decrypted by the private key, and vice versa. The private key and the public key thus form a key pair. An explanation of private and public key pairs for cryptography is provided in "PKCS #1 v2.1: RSA Cryptography Standard," dated June 14, 2002, from RSA Security Inc. The public key of the CA is publicly available. Therefore, when one party wishes to verify whether the certificate presented by another party is genuine, the verifying party can simply use the CA's public key, with a decryption algorithm, to decrypt the encrypted digest of the public key in the certificate. The decryption algorithm is typically also identified in the certificate. If the encrypted digest of the public key in the certificate, once decrypted, matches the digest of the unencrypted public key in the certificate, this proves, based on trust in the CA and in the authenticity of the CA's public key, that the public key in the certificate has not been tampered with and is authentic.

[0010] To verify the identity of a party, the verifying party typically sends a challenge (e.g., a random number) and asks the other party to send its certificate together with a response to the challenge (i.e., the random number encrypted with the other party's private key). When the response and the certificate are received, the verifying party first verifies, by the process described above, whether the public key in the certificate is authentic. If the public key is verified as authentic, the verifying party can then use the public key in the certificate to decrypt the response and compare the result with the random number originally sent. If they match, the other party does have the correct private key, and for that reason has proven its identity. If the public key in the certificate is not authentic, or if the decrypted response fails to match the challenge, authentication fails. A party wishing to prove its identity will therefore need to possess both the certificate and the associated private key.

[0011] By means of the above mechanism, two parties that may not trust each other can establish trust by each verifying the other party's public key in the other party's certificate, using the process described above. Recommendation X.509 from the Telecommunication Standardization Sector (ITU-T) of the International Telecommunication Union (ITU) is a standard that specifies a certificate framework. More detailed information on certificates and their use can be found in this standard.

[0012] In administrative bodies and in large organizations, it may be appropriate, for convenience, for a higher-level CA, known as the root CA, to delegate responsibility for issuing certificates to several lower-level CAs. For example, in a two-level hierarchy, the root CA at the highest level issues certificates to the lower-level CAs to certify that the public keys of these lower-level authorities are authentic. These lower-level authorities in turn issue certificates to parties through the registration process described above. The verification process starts from the top of the certificate chain. The verifying party first uses the public key of the root CA (known to be authentic) to verify the authenticity of the public key of the lower-level CA. Once the authenticity of the lower-level CA's public key has been verified, the authenticity of the public key of the party to whom the lower-level CA issued a certificate can be verified using the verified public key of the lower-level CA. The certificates issued by the root CA and by the lower-level CA then form a certificate chain of two certificates for the party whose identity is being verified.

[0013] A certificate hierarchy can of course include more than two levels, where each CA at a lower level, other than the root CA, derives its authority from a higher-level CA and has a certificate, containing its public key, issued by the higher-level CA. Therefore, to verify the authenticity of another party's public key, it may be necessary to trace the path, or chain, of certificates to the root CA. In other words, to establish its identity, the party whose identity needs to be proven may need to produce the entire certificate chain, from its own certificate all the way up to the root CA certificate.

[0014] As described above, the root certificate and all certificates issued to CAs (such as the certificates issued to lower-level CAs in the hierarchy described above) are publicly available. At present, the presentation of certificates for proving identity takes two forms. In the first form, the party wishing to be authenticated presents only its own certificate issued by a CA, which is the last certificate in the certificate chain. If the verifying party does not have the public key of the CA that issued the certificate, it is up to the verifying party to obtain that CA's public key in order to perform the verification. Where the public key of a higher authority is needed to verify the public key of the lower-level CA, the verifying party will need to use the issuer name in the certificate to trace the path to the certificate and public key of the higher-level CA. This process continues until the verifying party reaches a CA whose public key is known to be authentic without further verification.

[0015] In the second form of certificate authentication, although all of the certificates in the chain may be presented by the party wishing to be authenticated, the certificates need not be presented in any particular order. If the party wishing to be authenticated also presents, along with the certificates, information about the correct order of the certificates in the chain sent to the verifying party, this information may appear late in the message, so that the verifying party may not know the correct sequence of the certificates until the entire certificate chain has been received.

[0016] The first form of certificate exchange and verification relies on the verifying party being able to access the missing certificates. While it is possible for devices such as computers and cellular telephones to access a network such as the Internet to obtain the missing certificates, storage devices such as flash memory cards have not themselves been used to do so.

[0017] In the second form of certificate exchange and verification, all the certificates are presented in the message sent to the verifying device, so that the verifying device does not have to obtain them. However, the certificates may not be sent in any particular order, and information about the sequence of the certificates in the chain may appear anywhere in the message, for example at the end of the message. This means that the entire group of certificates needs to be received and stored before any particular certificate in the chain can be analyzed for verification, and hence before verification can begin. While this may not be a problem for host devices such as computers, PDAs and cellular telephones, it can be a problem for storage devices. Storage devices may have embedded memory capacity and processing power so limited that they cannot store and efficiently analyze long strings of certificates.

[0018] Because of the various issues and problems described above, none of the systems currently used in storage devices and host devices is entirely satisfactory. It is therefore desirable to provide improved systems with better characteristics.


[0019] A certificate chain includes a plurality of consecutive strings of certificates. Each string contains at least one certificate. When these strings are received at a verifying entity, the entity verifies them in a sequence. If the strings of certificates are received in the same sequence as that in which they are verified, the difficulties described above are avoided. If the strings are received in this manner, and if the entire certificate chain is received, a storage device can readily be used to verify the authenticity of the certificates in the chain.

[0020] Since the consecutive strings of certificates in the chain are received sequentially in the same order as that in which they are verified, the information in an individual string of certificates is no longer needed once that string has been received and verified. According to another embodiment, at least one string of certificates received and stored in the memory device may be overwritten by a subsequent string in the sequence. In this manner, the amount of storage space that must be reserved for storing the certificates in the chain for verification can be greatly reduced.
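
The following Python sketch is an added example, not code from the patent: it models the in-order reception of paragraphs [0019] and [0020] together with the challenge-response check of paragraph [0010], using a device that keeps only the root public key and one certificate slot that each new certificate overwrites. The toy RSA keys built from Mersenne primes, the `Cert` fields, the `is_last` flag and all names are assumptions made for illustration, and the toy keys are not secure.

```python
import hashlib
import secrets
from dataclasses import dataclass

E = 65537  # public exponent shared by every toy key (assumption)


def toy_keypair(p_exp, q_exp):
    """Textbook RSA from two Mersenne primes: illustration only, NOT secure."""
    p, q = 2**p_exp - 1, 2**q_exp - 1
    return p * q, pow(E, -1, (p - 1) * (q - 1))  # (modulus n, private d)


def digest(data, n):
    """SHA-256 digest reduced into the signer's modulus."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


@dataclass(frozen=True)
class Cert:  # hypothetical minimal certificate, not X.509
    issuer: str
    subject: str
    pubkey: int     # subject's modulus n
    signature: int  # digest of tbs() raised to the issuer's private exponent

    def tbs(self):
        return f"{self.issuer}|{self.subject}|{self.pubkey}".encode()


def issue(issuer, issuer_key, subject, subject_n):
    n, d = issuer_key
    tbs = Cert(issuer, subject, subject_n, 0).tbs()
    return Cert(issuer, subject, subject_n, pow(digest(tbs, n), d, n))


class DeviceVerifier:
    """Memory-device side: the root public key plus ONE certificate slot."""

    def __init__(self, root_name, root_n):
        self.trusted_name, self.trusted_n = root_name, root_n
        self.slot = None          # the only certificate buffer
        self.state = "receiving"  # becomes "verified" or "failed"
        self.challenge = None

    def receive(self, cert, is_last):
        """Accept the next certificate in verification order, top of chain first."""
        self.slot = cert          # overwrites the previously received certificate
        if self.state != "receiving":
            return False
        n = self.trusted_n
        if (cert.issuer != self.trusted_name
                or pow(cert.signature, E, n) != digest(cert.tbs(), n)):
            self.state = "failed"  # out of order, wrong issuer, or tampered
            return False
        # Only the verified subject name and key are carried forward.
        self.trusted_name, self.trusted_n = cert.subject, cert.pubkey
        if is_last:
            self.state = "verified"
        return True

    def new_challenge(self):
        if self.state != "verified":
            raise RuntimeError("certificate chain not verified")
        self.challenge = secrets.randbits(64) | (1 << 64)  # never 0 or 1
        return self.challenge

    def check_response(self, response):
        """Recover the response with the verified public key and compare."""
        expected, self.challenge = self.challenge, None  # single use
        return (self.state == "verified" and expected is not None
                and pow(response, E, self.trusted_n) == expected)


def authenticate(device, chain, host_key):
    """Stream the chain in order, then run the challenge-response step."""
    for i, cert in enumerate(chain):
        if not device.receive(cert, is_last=(i == len(chain) - 1)):
            return False
    if device.state != "verified":  # e.g. an empty chain
        return False
    n, d = host_key
    return device.check_response(pow(device.new_challenge(), d, n))


# Constructed sample hierarchy: Root CA -> Level-1 CA -> Host.
ROOT = toy_keypair(61, 89)
LEVEL1 = toy_keypair(107, 127)
HOST = toy_keypair(521, 607)
CHAIN = [issue("Root CA", ROOT, "Level-1 CA", LEVEL1[0]),
         issue("Level-1 CA", LEVEL1, "Host", HOST[0])]


def new_device():
    return DeviceVerifier("Root CA", ROOT[0])


if __name__ == "__main__":
    print("in order:  ", authenticate(new_device(), CHAIN, HOST))
    print("reversed:  ", authenticate(new_device(), CHAIN[::-1], HOST))
    print("wrong key: ", authenticate(new_device(), CHAIN, LEVEL1))
```

The same chain sent in reverse order is rejected at the first certificate, because the device has no buffered copy of the other certificates to reorder.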

[0021] All patents, patent applications, articles, books, specifications, standards, other publications, documents and things referenced herein are hereby incorporated herein by reference in their entirety for all purposes. To the extent of any inconsistency or conflict in the definition or use of a term between any of the incorporated publications, documents or things and the text of this document, the definition or use of the term in this document shall prevail.


[0022] FIG. 1 is a block diagram of a memory system in communication with a host device, useful for illustrating the invention.

[0023] FIG. 2 is a schematic view of different partitions of a memory and of unencrypted and encrypted files stored in different partitions, where access to certain partitions and to the encrypted files is controlled by access policies and authentication procedures, useful for illustrating different embodiments of the invention.

[0024] FIG. 3 is a schematic view of a memory illustrating the different partitions in the memory.

[0025] FIG. 4 is a schematic view of file location tables for the different partitions of the memory shown in FIG. 3, where some of the files in the partitions are encrypted, useful for illustrating different embodiments of the invention.

[0026] FIG. 5 is a schematic view of access control records in an access controlled record group and the associated key references, useful for illustrating different embodiments of the invention.

[0027] FIG. 6 is a schematic view of tree structures formed by access controlled record groups and access controlled records, useful for illustrating different embodiments of the invention.

[0028] FIG. 7 is a schematic view of a tree illustrating three hierarchical trees of access controlled record groups, used to illustrate the process of formation of the trees.

[0029] FIGS. 8A and 8B are flow charts illustrating the processes carried out by a host device and a memory device, such as a memory card, for creating and using a system access control record.

[0030] FIG. 9 is a flow chart illustrating a process of using a system access control record to create an access controlled record group, useful for illustrating different embodiments.

[0031] FIG. 10 is a flow chart illustrating a process for creating an access control record.

[0032] FIG. 11 is a schematic view of two access control record groups, useful for illustrating a particular application of the hierarchical tree.

[0033] FIG. 12 is a flow chart illustrating a process for delegating specific rights.

[0034] FIG. 13 is a schematic view of an access controlled record group and an access control record, used to illustrate the delegation process of FIG. 12.

[0035] FIG. 14 is a flow chart illustrating a process for creating a key for encryption and/or decryption purposes.

[0036] FIG. 15 is a flow chart illustrating a process for removing access rights and/or permission for data access according to an access controlled record.

[0037] FIG. 16 is a flow chart illustrating a process for requesting access when access rights and/or permission to access have been deleted or have expired.

[0038] FIGS. 17A and 17B are schematic views illustrating the organization of a rule structure for authentication and policies for granting access to cryptographic keys, useful for illustrating different embodiments of the invention.

[0039] FIG. 18 is a block diagram of a database structure illustrating an alternative method for controlling access to protected information according to policies.

[0040] FIG. 19 is a flow chart illustrating an authentication process using a password.

[0041] FIG. 20 is a diagram illustrating a number of host certificate chains.

[0042] FIG. 21 is a diagram illustrating a number of device certificate chains.

[0043] FIGS. 22 and 23 are protocol diagrams illustrating the processes for one-way and mutual authentication schemes.

[0044] FIG. 24 is a diagram of a certificate chain, useful for illustrating one embodiment of the invention.

[0045] FIG. 25 is a table illustrating the information in a control sector preceding the certificate buffer that is sent by the host for sending the last certificate to a memory device, showing an indication that the certificate is the last certificate in the certificate chain, used to illustrate another embodiment of the invention.

[0046] FIGS. 26 and 27 are flow charts illustrating card and host processes, respectively, for an authentication scheme in which a memory card is authenticating a host device.

[0047] FIGS. 28 and 29 are flow charts illustrating card and host processes, respectively, for an authentication scheme in which a host device is authenticating a memory card.

[0048] FIGS. 30 and 31 are flow charts illustrating processes carried out by a host device and a memory device, respectively, in which a certificate revocation list stored in the memory device is retrieved by the host device, used to illustrate yet another embodiment of the invention.

[0049] FIG. 32 is a diagram of a certificate revocation list showing the fields in the list, used to illustrate still another embodiment of the invention.

[0050] FIGS. 33 and 34 are flow charts illustrating card and host processes, respectively, for verifying certificates using certificate revocation lists.

[0051] FIG. 35 is a flow chart illustrating card processes for the card signing data sent to the host and for decrypting data from the host.

[0052] FIG. 36 is a flow chart illustrating a host process in which the card signs data sent to the host.

[0053] FIG. 37 is a flow chart illustrating a host process in which the host sends encrypted data to the memory card.

[0054] FIGS. 38 and 39 are flow charts illustrating processes for general information queries and discreet information queries, respectively.

[0055] FIG. 40A is a functional block diagram of the system architecture in a memory device (e.g., a flash memory card) connected to a host device, used to illustrate an embodiment of the invention.

[0056] FIG. 40B is a functional block diagram of the internal software modules of the SSM core of FIG. 40A.

[0057] FIG. 41 is a block diagram of a system for generating one-time passwords.

[0058] FIG. 42 is a functional block diagram illustrating one-time password (OTP) seed provisioning and OTP generation.

[0059] FIG. 43 is a protocol diagram illustrating the seed provisioning phase.

[0060] FIG. 44 is a protocol diagram illustrating the one-time password generation phase.

[0061] FIG. 45 is a functional block diagram illustrating a DRM system.

[0062] FIG. 46 is a protocol diagram illustrating a process for license provisioning and content download, where the key is provided in the license object.

[0063] FIG. 47 is a protocol diagram illustrating a process for a playback operation.

[0064] FIG. 48 is a protocol diagram illustrating a process for license provisioning and content download, where the key is not provided in the license object.

[0065] The figures illustrate features in various embodiments of aspects of the invention. For simplicity of description, identical components are labeled with the same numerals in this application.

Detailed Description

[0066] An example memory system in which the various aspects of the invention may be implemented is illustrated by the block diagram of FIG. 1. As shown in FIG. 1, the memory system 10 includes a central processing unit (CPU) 12, a buffer management unit (BMU) 14, a host interface module (HIM) 16 and a flash interface module (FIM) 18, a flash memory 20 and a peripheral access module (PAM) 22. Memory system 10 communicates with a host device 24 through a host interface bus 26 and port 26a. The flash memory 20, which may be of the NAND type, provides data storage for the host device 24, which may be a digital camera, a personal computer, a personal digital assistant (PDA), a digital media player (e.g., an MP-3 player), a cellular telephone, a set top box or other digital device or appliance. The software code for CPU 12 may also be stored in flash memory 20. FIM 18 connects to the flash memory 20 through a flash interface bus 28 and port 28a. HIM 16 is suitable for connection to a host device. The peripheral access module 22 selects the appropriate controller module (e.g., FIM, HIM and BMU) for communication with the CPU 12. In one embodiment, all of the components of system 10 within the dotted-line box may be enclosed in a single unit (e.g., in memory card or stick 10') and are preferably encapsulated. The memory system 10 is removably connected to host device 24, so that the content in system 10 can be accessed by each of many different host devices.

[0067] In the description below, the memory system 10 is also referred to as memory device 10, or simply as the memory device or device. While the invention is illustrated herein by reference to flash memories, it may also be applicable to other types of memories, such as magnetic disks, optical CDs, and all other types of rewritable non-volatile memory systems.

[0068] The buffer management unit 14 includes a host direct memory access (HDMA) 32, a flash direct memory access (FDMA) 34, an arbiter 36, a buffer random access memory (BRAM) 38 and a crypto-engine 40. The arbiter 36 is a shared bus arbiter, so that only one master or initiator (which can be HDMA 32, FDMA 34 or CPU 12) can be active at any time, and the slave or target is BRAM 38. The arbiter is responsible for channeling the appropriate initiator request to BRAM 38. HDMA 32 and FDMA 34 are responsible for data transported between HIM 16, FIM 18 and BRAM 38 or the CPU random access memory (CPU RAM) 12a. The operation of HDMA 32 and of FDMA 34 is conventional and need not be described in detail herein. BRAM 38 is used to store data passed between the host device 24 and flash memory 20. HDMA 32 and FDMA 34 are responsible for transferring the data between HIM 16/FIM 18 and BRAM 38 or the CPU RAM 12a, and for indicating sector completion.

[0069] In one embodiment, memory system 10 generates the key value(s) used for encryption and/or decryption, where this value is preferably substantially inaccessible to external devices such as host device 24. Alternatively, the key value may be generated outside system 10 (e.g., by a license server) and sent to system 10. Irrespective of how the key value is generated, once it is stored in system 10, only authenticated entities will be able to access it. However, encryption and decryption are typically done file by file, since the host device reads and writes data to memory system 10 in the form of files. Like many other types of storage devices, memory device 10 does not manage files. While memory 20 does store a file allocation table (FAT), in which the logical addresses of the files are identified, the FAT is typically accessed and managed by the host device 24 and not by the controller 12. Therefore, in order to encrypt data in a particular file, the controller 12 has to rely on the host device to send the logical addresses of the file's data in memory 20, so that system 10 can find and encrypt and/or decrypt the data of the particular file using the key value(s) available only to system 10.

[0070] To provide a handle by which both the host device 24 and memory system 10 can refer to the same key(s) for cryptographically processing data in files, the host device provides a reference for each of the key values generated by or sent to system 10, where such a reference may simply be a key ID. Thus, the host 24 associates each file that is cryptographically processed by system 10 with a key ID, and system 10 associates each key value used to cryptographically process data with a key ID provided by the host. When the host requests that data be cryptographically processed, it sends the request to system 10 together with a key ID and the logical addresses of the data to be fetched from or stored in memory 20. System 10 generates or receives a key value, associates the key ID provided by the host 24 with this value, and performs the cryptographic processing. In this manner, no change needs to be made in the way memory system 10 operates, while it is allowed to completely control the cryptographic processing using the key(s), including exclusive access to the key value(s). In other words, once the key value is stored in or generated by system 10, the system continues to allow the host 24 to manage the files by having exclusive control of the FAT, while it maintains exclusive control over the management of the key value(s) used for cryptographic processing. After the key value(s) are stored in memory system 10, the host device 24 has no part in the management of the key value(s) used for cryptographic processing of data.

[0071] The key ID provided by the host 24 and the key value sent to or generated by the memory system form two attributes of a quantity referred to below, in one of the embodiments, as the "content encryption key" or CEK. While the host 24 may associate each key ID with one or more files, the host 24 may also associate each key ID with unorganized data or with data organized in any manner, not limited to data organized into complete files.

[0072] In order for a user or application to gain access to protected content or a protected area in system 10, it will need to be authenticated using a credential that is pre-registered with system 10. A credential is tied to the access rights granted to the particular user or application holding that credential. In the pre-registration process, system 10 stores a record of the identity and credential of the user or application, together with the access rights associated with this identity and credential, as determined by the user or application and provided through the host 24. After the pre-registration has been completed, when the user or application requests to write data to memory 20, it will need to provide through the host device its identity and credential, a key ID for encrypting the data, and the logical addresses where the encrypted data is to be stored. System 10 generates or receives a key value, associates this value with the key ID provided by the host device, and stores in its record or table for this user or application the key ID for the key value used to encrypt the data to be written. It then encrypts the data and stores the encrypted data at the addresses designated by the host, as well as the key value it generated or received.

[0073] When a user or application requests to read encrypted data from memory 20, it will need to provide its identity and credential, the key ID for the key previously used to encrypt the requested data, and the logical addresses where the encrypted data is stored. System 10 will then match the user or application identity and credential provided by the host against those stored in its record. If they match, system 10 will fetch from its memory the key value associated with the key ID provided by the user or application, decrypt the data stored at the addresses designated by the host device using the key value, and send the decrypted data to the user or application.

[0074] By separating the authentication credentials from the management of the keys used for cryptographic processing, it becomes possible to share rights to access data without sharing credentials. Thus, a group of users or applications with different credentials can have access to the same keys for accessing the same data, while users outside this group have no access. While all users or applications within a group may have access to the same data, they may still have different rights. Thus, some may have read-only access, others may have write access only, and still others may have both. Since system 10 maintains a record of the user or application identities and credentials, the key IDs they have access to, and the access rights associated with each of the key IDs, it is possible for system 10 to add or delete key IDs and alter the access rights associated with such key IDs for particular users or applications, to delegate access rights from one user or application to another, or even to delete or add records or tables for users or applications, all as controlled by a properly authenticated host device. The stored record may specify that a secure channel is needed for accessing certain keys. Authentication may be done using symmetric or asymmetric algorithms as well as passwords.
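The write and read flows of paragraphs [0072] to [0074] can be modelled in a few lines. The following is an added illustration, not code from the patent or from any SanDisk product: the class and method names, the identities, credentials and key ID, the PBKDF2 credential hash and the HMAC-based stand-in cipher are all assumptions made for the example.

```python
import hashlib
import hmac
import secrets

READ, WRITE = "read", "write"


class AccessDenied(Exception):
    """The request does not match the device's stored records."""


class MemoryDevice:
    """Toy model of system 10: key values exist only inside this object."""

    def __init__(self):
        self._records = {}  # identity -> (salt, credential hash, {key ID: rights})
        self._keys = {}     # key ID -> key value, never returned to the host
        self._flash = {}    # logical address -> (key ID, nonce, ciphertext)

    @staticmethod
    def _hash(credential, salt):
        return hashlib.pbkdf2_hmac("sha256", credential.encode(), salt, 50_000)

    def register(self, identity, credential, rights):
        """Pre-registration: identity, credential and rights per key ID."""
        salt = secrets.token_bytes(16)
        self._records[identity] = (
            salt,
            self._hash(credential, salt),
            {key_id: set(ops) for key_id, ops in rights.items()},
        )

    def _check(self, identity, credential, key_id, op):
        record = self._records.get(identity)
        if record is None:
            raise AccessDenied("unknown identity")
        salt, stored, rights = record
        if not hmac.compare_digest(stored, self._hash(credential, salt)):
            raise AccessDenied("credential mismatch")
        if op not in rights.get(key_id, set()):
            raise AccessDenied(f"{identity}: no {op} right on {key_id}")

    def _keystream(self, key_id, nonce, length):
        # Stand-in cipher (HMAC-SHA256 in counter mode), illustration only.
        stream = b""
        counter = 0
        while len(stream) < length:
            block = nonce + counter.to_bytes(4, "big")
            stream += hmac.new(self._keys[key_id], block, hashlib.sha256).digest()
            counter += 1
        return stream[:length]

    def write(self, identity, credential, key_id, address, data):
        self._check(identity, credential, key_id, WRITE)
        if key_id not in self._keys:  # the device generates the key value itself
            self._keys[key_id] = secrets.token_bytes(32)
        nonce = secrets.token_bytes(16)
        stream = self._keystream(key_id, nonce, len(data))
        ciphertext = bytes(a ^ b for a, b in zip(data, stream))
        self._flash[address] = (key_id, nonce, ciphertext)

    def read(self, identity, credential, key_id, address):
        self._check(identity, credential, key_id, READ)
        stored_key_id, nonce, ciphertext = self._flash[address]
        if stored_key_id != key_id:
            raise AccessDenied("address was not written under this key ID")
        stream = self._keystream(key_id, nonce, len(ciphertext))
        return bytes(a ^ b for a, b in zip(ciphertext, stream))

    def raw_read(self, address):
        """Standard read of a public partition: bit values only, no key needed."""
        return self._flash[address][2]


def attempt(operation, *args):
    """Run a device operation and report "granted" or the denial reason."""
    try:
        operation(*args)
        return "granted"
    except AccessDenied as denied:
        return f"denied: {denied}"


def demo():
    device = MemoryDevice()
    # Constructed identities, credentials and key ID for the example.
    device.register("user1", "cred-user1", {"key1": {READ, WRITE}})
    device.register("user2", "cred-user2", {"key1": {READ}})
    device.register("app3", "cred-app3", {})
    secret = b"contents of file 102"
    device.write("user1", "cred-user1", "key1", 0x1000, secret)
    return {
        "user2_reads": device.read("user2", "cred-user2", "key1", 0x1000),
        "user2_write": attempt(device.write, "user2", "cred-user2", "key1", 0x1000, b"x"),
        "app3_read": attempt(device.read, "app3", "cred-app3", "key1", 0x1000),
        "bad_credential": attempt(device.read, "user1", "guess", "key1", 0x1000),
        "raw_is_ciphertext": device.raw_read(0x1000) != secret,
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, "->", result)
```

Two identities with different credentials share "key1" with different rights, while the host only ever handles the key ID and ciphertext.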

[0075] Of particular importance is the portability of the secure content in memory system 10. In the embodiments where access to the key value is controlled by the memory system, the security of the content stored in the memory system, or in a storage device incorporating the system, is maintained when it is transferred from one external system to another. Whether the key is generated by the memory system or originates from outside it, external systems are not able to access such content in system 10 unless they have been authenticated in a manner completely controlled by the memory system. Even after being so authenticated, access is totally controlled by the memory system, and external systems can access content only in a manner controlled according to preset records in the memory system. If a request does not comply with such records, the request will be denied.

[0076] To provide greater flexibility in protecting content, it is envisioned that certain areas of the memory, referred to below as partitions, can be accessed only by properly authenticated users or applications. When combined with the above-described features of key-based data encryption, system 10 provides greater data protection capability. As shown in FIG. 2, the flash memory 20 may have its storage capacity divided into a number of partitions: a user area or partition and custom partitions. The user area or partition P0 is accessible to all users and applications without authentication. While all bit values of data stored in the user area can be read or written by any application or user, if the data read is encrypted, a user or application without authority to decrypt will not be able to access the information represented by the bit values stored in the user area. This is illustrated, for example, by files 102 and 104 stored in user area P0. Also stored in the user area are unencrypted files such as 106, which can be read and understood by all applications and users. Thus, symbolically, the files that are encrypted are shown with locks associated with them, such as for files 102 and 104.

[0077] While an encrypted file in the user area P0 cannot be understood by unauthorized applications or users, such applications or users may still be able to delete or corrupt the file, which may be undesirable for some applications. For this purpose, memory 20 also includes protected custom partitions, such as partitions P1 and P2, which cannot be accessed without prior authentication. The authentication process permitted in the embodiments in this application is explained below.

[0078] As also illustrated in FIG. 2, a variety of users or applications may access the files in memory 20. Thus users 1 and 2, as well as applications 1-4 (running on devices), are shown in FIG. 2. Before these entities are allowed to access protected content in memory 20, they are first authenticated by an authentication process in a manner explained below. In this process, the entity requesting access needs to be identified at the host side for role-based access control. Thus, the entity requesting access first identifies itself by supplying information such as "I am application 2 and I wish to read file 1." Controller 12 then matches the identity, authentication information and request against the record stored in memory 20 or controller 12. If all requirements are met, access is granted to this entity. As illustrated in FIG. 2, user 1 is allowed to read from and write to file 101 in partition P1, but can only read files 102 and 104, in addition to having unrestricted rights to read from and write to file 106 in P0. User 2, on the other hand, is not allowed access to files 101 and 104 but has read and write access to file 102. As indicated in FIG. 2, users 1 and 2 have the same login algorithm (AES), while applications 1 and 3 have different login algorithms (e.g., RSA and 001001), which are also different from those of users 1 and 2.

[0079] The Secure Storage Application (SSA) is a security application of the memory system 10, and illustrates an embodiment of the invention that can be used to implement many of the features identified above. The SSA may be embodied as software or computer code, with a database, stored in the memory 20 or in a non-volatile memory (not shown) in CPU 12, and is read into RAM 12a and executed by CPU 12. The acronyms used in reference to the SSA are set forth in the table below:

[0080] Definitions, Acronyms and Abbreviations

[0081]

Figure CN101490689BD00121

[0082] SSA System Description

[0083] Data security, integrity and access control are the major roles of the SSA. The data are files that would otherwise be stored in the clear on a mass-storage device of some kind. The SSA system sits atop the storage system, adds a security layer for the stored host files, and provides security functions through the security data structures described below.

[0084] The main task of the SSA is to manage the different rights associated with the stored (and secured) content in the memory. The memory application needs to manage multiple users and content rights to multiple items of stored content. Host applications, from their side, see the drives and partitions that are visible to them, and the file allocation tables (FATs) that manage and portray the locations of the stored files on the storage device.

[0085] In this case the storage device uses a NAND flash chip divided into partitions, although other mobile storage devices may also be used and are within the scope of this invention. These partitions are contiguous runs of logical addresses, where a start and an end address define their boundaries. Restrictions may therefore be imposed on access to hidden partitions, if desired, by means of software (such as software stored in memory 20) that associates such restrictions with the addresses within such boundaries. Partitions are fully recognizable to the SSA by their logical address boundaries, which it manages. The SSA system uses partitions to physically secure data from unauthorized host applications. To the host, the partitions are a mechanism for defining proprietary spaces in which to store data files. These partitions can be public, where anyone with access to the storage device can see and be aware of the partition's presence on the device, or private or hidden, where only the selected host applications have access to them and are aware of their presence in the storage device.

[0086] FIG. 3 is a schematic view of a memory illustrating its partitions P0, P1, P2 and P3 (obviously, fewer or more than four partitions may be employed), where P0 is a public partition that can be accessed by any entity without authentication.

[0087] A private partition (such as P1, P2 or P3) hides access to the files within it. By preventing the host from accessing the partition, the flash device (e.g., flash card) protects the data files inside the partition. This kind of protection, however, covers all of the files residing in the hidden partition, by imposing restrictions on access to data stored at the logical addresses within the partition. In other words, the restrictions are associated with a range of logical addresses. All of the users/hosts that have access to that partition will have unlimited access to all of the files inside it. To isolate different files (or groups of files) from one another, the SSA system provides another level of security and integrity per file or group of files, using keys and key references or key IDs. A key reference or key ID of a particular key value used for encrypting data at different memory addresses can be likened to a container or domain that contains the encrypted data. For this reason, in FIG. 4, the key references or key IDs (e.g., "key 1" and "key 2") are shown graphically as areas surrounding the files encrypted using the key values associated with the key IDs.

[0088] Referring to FIG. 4, for example, File A is accessible to all entities without any authentication, since it is shown as not enclosed by any key ID. Even though File B in the public partition can be read or overwritten by all entities, it contains data encrypted with a key with ID "key 1", so that the information contained in File B is not accessible to an entity unless that entity has access to this key. In this manner, key values and key references or key IDs provide logical protection only, in contrast to the type of protection provided by the partitions described above. Hence, any host that can access a partition (public or private) is capable of reading or writing the data in the entire partition, including the encrypted data. However, since the data is encrypted, unauthorized users can only corrupt it. They preferably cannot alter the data without detection. By restricting access to the encryption and/or decryption keys, this feature can allow only the authorized entities to use the data. Files B and C are also encrypted in P0 using a key with key ID "key 2".

[0089] Data confidentiality and integrity can be provided through symmetric encryption methods that use content encryption keys (CEKs), one method per CEK. In the SSA embodiment, the key values in CEKs are generated or received by the flash device (e.g., flash card), used internally only, and kept secret from the outside world. The data that is encrypted or ciphered may also be hashed, or the cipher may be chain blocked, to ensure data integrity.

[0090] Not all of the data in a partition is encrypted by different keys and associated with different key IDs. Certain logical addresses, either in public or user files or in the operating system area (i.e., the FAT), may not be associated with any key or key reference, and thus are available to any entity that can access the partition itself.

[0091] An entity that requires the ability to create keys and partitions, to write and read data from them, or to use the keys needs to log in to the SSA system through an Access Control Record (ACR). The privileges of an ACR in the SSA system are called Actions. Every ACR may have permissions to perform Actions of the following three categories: creating partitions and keys/key IDs, accessing partitions and keys, and creating/updating other ACRs.

[0092] ACRs are organized in groups called ACR Groups or AGPs. Once an ACR has successfully authenticated, the SSA system opens a session through which any of the ACR's actions can be executed. ACRs and AGPs are security data structures used to control access to partitions and keys according to policies.

[0093] User Partition(s)

[0094] The SSA system manages one or more public partitions, also referred to as the user partition(s). This partition exists on the storage device and can be accessed through the standard read and write commands of the storage device. Information regarding the size of the partition and its existence on the device preferably cannot be hidden from the host system.

[0095] The SSA system enables access to this partition either through the standard read and write commands or through the SSA commands. Therefore, access to the partition preferably cannot be restricted to specific ACRs. The SSA system, however, can enable the host devices to restrict access to the user partition. Read and write access can be enabled/disabled individually. All four combinations (e.g., write only, read only (write protect), read and write, and no access) are allowed.

[0096] The SSA system enables ACRs to associate key IDs with files within the user partition and to encrypt individual files using the keys associated with such key IDs. Accessing encrypted files within the user partition, as well as setting the access rights to the partitions, is done using the SSA command set. The above features also apply to data not organized into files.

[0097] SSA Partitions

[0098] These are hidden partitions (hidden from unauthorized parties) that can be accessed only through the SSA commands. The SSA system will preferably not allow the host device to access an SSA partition other than through a session (described below) established by logging on to an ACR. Similarly, the SSA will preferably not provide information regarding the existence, size and access permissions of an SSA partition unless the request comes through an established session.

[0099] Access rights to partitions are derived from the ACR permissions. Once an ACR is logged in to the SSA system, it can share the partition with other ACRs (described below). When a partition is created, the host provides a reference name or ID (e.g., P0-P3 in FIGS. 3 and 4) for the partition. This reference is used in further read and write commands to the partition.

[0100] Partitioning of the Storage Device

[0101] All of the available storage capacity of the device is preferably allocated to the user partition and the currently configured SSA partitions. Therefore, any repartitioning operation may involve reconfiguration of the existing partitions. The net change to the device capacity (the sum of the sizes of all partitions) will be zero. The IDs of the partitions in the device memory space are defined by the host system.

[0102] The host system can either repartition one of the existing partitions into two smaller ones or merge two existing partitions (which may or may not be adjacent) into one. The data in the divided or merged partitions can be either erased or left untouched, at the host's discretion.

[0103] Since repartitioning of the storage device may cause loss of data (either because it was erased or because it was moved around in the logical address space of the storage device), the SSA system administers severe restrictions on repartitioning. Only an ACR residing in a root AGP (explained below) is allowed to issue a repartition command, and it can only reference partitions that it owns. Since the SSA system is not aware of how data is organized in the partitions (FAT or other file system structure), it is the host's responsibility to reconstruct these structures any time the device is repartitioned.

[0104] Repartitioning of the user partition will change the size and other attributes of this partition as seen by the host OS.

[0105] After repartitioning, it is the host system's responsibility to make sure that no ACR in the SSA system references a non-existing partition. If these ACRs are not deleted or updated appropriately, future attempts on behalf of these ACRs to access the non-existing partitions will be detected and rejected by the system. Similar care should be taken regarding deleted keys and key IDs.

[0106] Keys, Key IDs and Logical Protection

[0107] When a file is written to a certain hidden partition, it is hidden from the general public. But once an entity (hostile or not) gains knowledge of and access to this partition, the file becomes available and plain to see. To further secure the file, the SSA can encrypt it in the hidden partition, where the credentials for accessing the key for decrypting the file are preferably different from those for accessing the partition. Because files are totally controlled and managed by the host, associating a CEK with a file is a problem. Linking the file to something the SSA acknowledges, the key ID, rectifies this. Thus, when a key is created by the SSA, the host associates the key ID for this key with the data encrypted using the key created by the SSA. If the key is sent to the SSA together with the key ID, the key and key ID can be readily associated with each other.

[0108] The key value and key ID provide logical security. All data associated with a given key ID, regardless of its location, is ciphered with the same key value in the content encryption key (CEK), whose reference name or key ID is uniquely provided at creation by the host application. If an entity obtains access to a hidden partition (by authenticating through an ACR) and wishes to read or write an encrypted file within this partition, it needs to have access to the key ID that is associated with the file. When granting access to the key for this key ID, the SSA loads the key value in the CEK associated with this key ID and either decrypts the data before sending it to the host or encrypts the data before writing it to the flash memory 20. In one embodiment, the key value in the CEK associated with a key ID is randomly created once by the SSA system and maintained by it. No party outside the SSA system has knowledge of or access to this key value in the CEK. The outside world only provides and uses a reference or key ID, not the key value in the CEK. The key value is entirely managed by the SSA and is preferably accessible only by the SSA. Alternatively, the key may be provided to the SSA system.

[0109] The SSA system protects the data associated with a key ID using any one (user defined) of the following cipher modes (the actual cryptographic algorithms used, as well as the key values in CEKs, are system controlled and not revealed to the outside world):

[0110] Block mode - Data is divided into blocks, each of which is encrypted individually. This mode is generally considered less secure and is susceptible to dictionary attacks. However, it allows users to randomly access any one of the data blocks.

[0111] Chained mode - Data is divided into blocks, which are chained during the encryption process. Every block is used as one of the inputs to the encryption process of the next block. In this mode, although it is considered more secure, the data is written and read sequentially from start to end, creating an overhead that may not be acceptable to users.

[0112] Hashed - Chained mode with the additional creation of a data digest that can be used for validating data integrity.

[0113] ACRs and Access Control

[0114] The SSA is designed to handle multiple applications, where each of the applications is represented as a tree of nodes in the system database. Mutual exclusion between the applications is achieved by ensuring there is no cross-talk between the tree branches.

[0115] In order to gain access to the SSA system, an entity needs to establish a connection via one of the system's ACRs. Login procedures are administered by the SSA system according to the definitions embedded in the ACR the user chose to connect with.

[0116] The ACR is an individual login point to the SSA system. The ACR holds the login credentials and the authentication method. Also residing in the record are the login permissions within the SSA system, among which are the read and write privileges. This is illustrated in FIG. 5, which shows n ACRs in the same AGP. This means that at least some of the n ACRs may share access to the same key. Thus, ACR #1 and ACR #n share access to a key with key ID "Key 3", where ACR #1 and ACR #n are the ACR IDs and "Key 3" is the key ID of the key used to encrypt data associated with "Key 3". The same key can also be used to encrypt and/or decrypt multiple files or multiple sets of data.

[0117] The SSA system supports several types of login onto the system, where the authentication algorithms and user credentials may vary, as may the user's privileges in the system once the user has logged in successfully. FIG. 5 again illustrates different login algorithms and credentials. ACR #1 specifies a password login algorithm with a password as the credential, whereas ACR #2 specifies a PKI (public key infrastructure) login algorithm with a public key as the credential. Thus, to log in, an entity needs to present a valid ACR ID as well as the correct login algorithm and credential.

[0118] Once an entity is logged into an ACR of the SSA system, its permissions (its rights to use SSA commands) are defined in the Permissions Control Record (PCR) associated with the ACR. In FIG. 5, according to the PCR shown, ACR #1 grants read-only permission to data associated with "Key 3", and ACR #2 grants permission to read and write data associated with "Key 5".

[0119] Different ACRs may share common interests and privileges in the system, such as in the keys with which to read and write. To accomplish that, ACRs with something in common are grouped into AGPs (ACR groups). Thus, ACR #1 and ACR #n share access to a key with key ID "Key 3".

[0120] AGPs and the ACRs within them are organized in hierarchical trees, so aside from creating secure keys that keep sensitive data secure, an ACR can preferably also create other ACR entities that correspond to its key ID/partitions. These child ACRs will have the same permissions as their parent (creator) or fewer, and may be given permissions for keys that the parent ACR itself created. Needless to say, a child ACR gets access permissions to any key that it creates. This is illustrated in FIG. 6. Thus, all of the ACRs in AGP 120 were created by ACR 122, and two of these ACRs inherit from ACR 122 the permission to access data associated with "Key 3".

[0121] AGP

[0122] Logging onto the SSA system is done by specifying an AGP and an ACR within the AGP.

[0123] Every AGP has a unique ID (reference name), which is used as an index to its entry in the SSA database. The AGP name is provided to the SSA system when the AGP is created. If the provided AGP name already exists in the system, the SSA will reject the creation operation.

[0124] AGPs are used to administer restrictions on the delegation of access and management permissions, as described in the following paragraphs. One of the functions served by the two trees in FIG. 6 is to administer access by entirely separate entities, such as two different applications or two different computer users. For such purposes, it may be important for the two access processes to be substantially independent of one another (i.e., substantially no cross-talk), even though both occur at the same time. This means that the authentication, permissions and creation of additional ACRs and AGPs in each tree are not connected to, and do not depend on, those of the other tree. Hence, when the SSA system is used in memory 10, this allows the memory system 10 to serve multiple applications simultaneously. It also allows the two applications to access two separate sets of data independently of one another (e.g., a set of photographs and a set of songs). This is illustrated in FIG. 6. Thus, the data associated with "Key 3", "Key X" and "Key Z", for the application or user accessing via nodes (ACRs) in the tree in the top portion of FIG. 6, may comprise photographs. The data associated with "Key 5" and "Key Y", for the application or user accessing via nodes (ACRs) of the tree in the bottom portion of FIG. 6, may comprise songs. The ACR that created an AGP has permission to delete it only when the AGP has no ACR entries.

[0125] The Entity's SSA Entry Point: Access Control Record (ACR)

[0126] An ACR in the SSA system describes the way the entity is permitted to log into the system. When an entity logs into the SSA system, it needs to specify the ACR that corresponds to the authentication process it is about to perform. An ACR includes a Permissions Control Record (PCR) that specifies the granted actions the user can execute once authenticated as defined in the ACR, as illustrated in FIG. 5. The host-side entity provides all of the ACR data fields.

[0127] When an entity has successfully logged onto an ACR, the entity will be able to query all of the ACR's partition and key access permissions and ACAM permissions (explained below).

[0128] ACR ID

[0129] When an SSA system entity initiates the login process, it needs to specify the ACR ID (as provided by the host when the ACR was created) that corresponds to the login method, so that the SSA will set up the correct algorithms and select the correct PCR when all login requirements have been met. The ACR ID is provided to the SSA system when the ACR is created.

[0130] Login/Authentication Algorithm

[0131] The authentication algorithm specifies what sort of login procedure will be used by the entity and what kind of credentials are needed to provide proof of the user's identity. The SSA system supports several standard login algorithms, ranging from no procedure (and no credential) and password-based procedures to two-way authentication protocols based on either symmetric or asymmetric cryptography.

[0132] Credentials

[0133] The entity's credentials correspond to the login algorithm and are used by the SSA to verify and authenticate the user. Examples of credentials are a password/PIN number for password authentication, an AES key for AES authentication, etc. The type/format of the credentials (i.e., PIN, symmetric key, etc.) is predefined and derived from the authentication mode; the credentials are provided to the SSA system when the ACR is created. The SSA system has no part in defining, distributing and managing these credentials, with the exception of PKI-based authentication, where the device (e.g., flash card) can be used to generate the RSA or other type of key pair, and the public key can be exported for certificate generation.

[0134] Permissions Control Record (PCR)

[0135] The PCR shows what is granted to the entity after it logs into the SSA system and successfully passes the ACR's authentication process. There are three types of permission categories: creation permissions for partitions and keys, access permissions to partitions and keys, and management permissions for entity-ACR attributes.

[0136] Accessing Partitions

[0137] This section of the PCR contains the list of partitions (using their IDs as provided to the SSA system) that the entity can access upon successfully completing the ACR phase. For each partition, the access type may be restricted to write-only or read-only, or full write/read access rights may be specified. Thus, ACR #1 in FIG. 5 has access to partition #2 and not to partition #1. The restrictions specified in the PCR apply to the SSA partitions and the public partition.

[0138] The public partition can be accessed either by regular read and write commands to the device (e.g., flash card) hosting the SSA system, or by SSA commands. When a root ACR (explained below) is created with a permission to restrict the public partition, it can pass that permission on to its children. An ACR can preferably only restrict the regular read and write commands from accessing the public partition. ACRs in the SSA system can preferably be restricted only upon their creation. Once an ACR has the permission to read from/write to the public partition, preferably it cannot be taken away.

[0139] Accessing Key IDs

[0140] This section of the PCR contains the data associated with the list of key IDs (as provided to the SSA system by the host) that the entity can access when the ACR policies have been met by the entity's login process. The key ID specified is associated with a file or files residing in the partition appearing in the PCR. Since key IDs are not associated with logical addresses in the device (e.g., flash card), when more than one partition is associated with a specific ACR, the files can be in any one of the partitions. The key IDs specified in the PCR can each have a different set of access rights. Access to data pointed to by key IDs can be restricted to write-only or read-only, or full write/read access rights may be specified.

[0141] ACR Attributes Management (ACAM)

[0142] This section describes how, in certain cases, the system attributes of the ACR can be changed.

[0143] The ACAM actions that may be permitted in the SSA system are:

[0144] 1. Create/delete/update AGPs and ACRs.

[0145] 2. Create/delete partitions and keys.

[0146] 3. Delegate access rights to keys and partitions.

[0147] A parent ACR preferably cannot edit ACAM permissions. This would preferably require deleting and recreating the ACR. Also, the access permission to a key ID created by the ACR preferably cannot be taken away.

[0148] An ACR may have the capacity to create other ACRs and AGPs. Creating ACRs may also mean delegating to them some or all of the ACAM permissions possessed by their creator. Having the permission to create ACRs means having the permission for the following actions:

[0149] 1. Define and edit the child's credentials - the authentication method preferably cannot be edited once it has been set by the creating ACR. The credentials may be altered within the boundary of the authentication algorithm that is already defined for the child.

[0150] 2. Delete an ACR.

[0151] 3. Delegate the creating permission to the child ACR (thus having grandchildren).

[0152] An ACR with the permission to create other ACRs has the permission to delegate the unblocking permission to the ACRs it creates (although it may not itself have the permission to unblock ACRs). The parent ACR will place in the child ACR a reference to its unblocker.

[0153] The parent ACR is the only ACR that has the permission to delete its child ACR. When an ACR deletes a lower-level ACR that it created, all ACRs spawned by this lower-level ACR are automatically deleted as well. When an ACR is deleted, all the key IDs and partitions that it created are deleted.
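The hierarchy rules of [0120] and [0153] can be exercised with a small in-memory model. This is an added illustration, not code from the patent or from any SSA implementation; `SSAModel`, `ACR`, `PolicyError` and the ACR names "reader" and "leaf" are hypothetical, and the scenario is constructed.

```python
from dataclasses import dataclass, field
from typing import Optional

READ, WRITE = "read", "write"


class PolicyError(Exception):
    """A request that breaks one of the hierarchy rules."""


@dataclass(eq=False)  # identity comparison; parent/child links are cyclic
class ACR:
    acr_id: str
    parent: Optional["ACR"] = None
    can_create_acr: bool = False
    key_access: dict = field(default_factory=dict)  # PCR: key ID -> rights
    children: list = field(default_factory=list)
    created_keys: set = field(default_factory=set)


class SSAModel:
    """Hypothetical in-memory stand-in for the SSA database."""

    def __init__(self):
        self.acrs = {}       # ACR ID -> ACR
        self.key_owner = {}  # key ID -> ACR ID of the creator

    def create_root(self, acr_id):
        root = ACR(acr_id, can_create_acr=True)
        self.acrs[acr_id] = root
        return root

    def create_key(self, acr, key_id):
        if key_id in self.key_owner:
            raise PolicyError(f"key ID {key_id!r} already exists")
        self.key_owner[key_id] = acr.acr_id
        acr.created_keys.add(key_id)
        acr.key_access[key_id] = {READ, WRITE}  # creator can access its key

    def create_child(self, parent, acr_id, grants, can_create_acr=False):
        if not parent.can_create_acr:
            raise PolicyError(f"{parent.acr_id} may not create ACRs")
        if acr_id in self.acrs:
            raise PolicyError(f"ACR ID {acr_id!r} already exists")
        for key_id, rights in grants.items():
            excess = set(rights) - parent.key_access.get(key_id, set())
            if excess:  # a child never holds more than its creator
                raise PolicyError(
                    f"{parent.acr_id} cannot delegate {sorted(excess)} on {key_id!r}")
        child = ACR(acr_id, parent, can_create_acr,
                    {k: set(v) for k, v in grants.items()})
        parent.children.append(child)
        self.acrs[acr_id] = child
        return child

    def delete_acr(self, requester, target):
        if target.parent is not requester:
            raise PolicyError("only the creating parent may delete an ACR")
        requester.children.remove(target)
        return self._purge(target)

    def _purge(self, acr):
        removed = []
        for child in acr.children:  # descendants go first
            removed += self._purge(child)
        for key_id in acr.created_keys:  # then the keys this ACR created
            del self.key_owner[key_id]
            for other in self.acrs.values():  # drop dangling PCR entries
                other.key_access.pop(key_id, None)
        del self.acrs[acr.acr_id]
        return removed + [acr.acr_id]


def demo():
    """Constructed scenario: ACR 122 owns "Key 3", as in FIG. 6."""
    ssa = SSAModel()
    acr122 = ssa.create_root("ACR 122")
    ssa.create_key(acr122, "Key 3")
    reader = ssa.create_child(acr122, "reader", {"Key 3": {READ}}, True)
    leaf = ssa.create_child(reader, "leaf", {"Key 3": {READ}})
    ssa.create_key(leaf, "Key X")
    outcome = {}
    try:  # reader holds read only, so it cannot hand out write
        ssa.create_child(reader, "writer", {"Key 3": {READ, WRITE}})
    except PolicyError as err:
        outcome["escalation"] = str(err)
    try:  # ACR 122 is leaf's grandparent, not its creator
        ssa.delete_acr(acr122, leaf)
    except PolicyError as err:
        outcome["skip_level_delete"] = str(err)
    outcome["removed"] = ssa.delete_acr(acr122, reader)
    outcome["keys_left"] = sorted(ssa.key_owner)
    return outcome
```

Deleting "reader" removes "leaf" and the key "leaf" created, while "Key 3", which belongs to ACR 122, survives.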

[0154] There are two exceptions in which an ACR can update its own record:

[0155] 1. Passwords/PINs, although set by the creator ACR, can be updated only by the ACR that contains them.

[0156] 2. A root ACR may delete itself and the AGP in which it resides.

[0157] Delegating Access Rights to Keys and Partitions

[0158] ACRs and their AGPs are assembled in hierarchical trees, where the root AGP and the ACRs within it are at the top of the tree (e.g., root AGPs 130 and 132 in FIG. 6). There can be several AGP trees in the SSA system, but they are completely separated from one another. An ACR within an AGP can delegate access permissions to its keys to all ACRs within the same AGP that it is in, and to all the ACRs created by them. The permission to create keys preferably includes the permission to delegate access permissions to use the keys.

[0159] Permissions to keys are divided into three categories:

[0160] 1. Access - this defines the access permissions for the key, i.e., read, write.

[0161] 2. Ownership - the ACR that created a key is by definition its owner. This ownership can be delegated from one ACR to another (provided that they are in the same AGP or in a child AGP). Ownership of a key provides the permission to delete it as well as to delegate permissions to it.

[0162] 3. Access rights delegation - this permission enables the ACR to delegate the rights it holds.

[0163] An ACR can delegate access permissions to partitions it created, as well as to other partitions for which it has access permissions.

[0164] Permission delegation is done by adding the names of the partitions and the key IDs to the designated ACR's PCR. Delegating key access permissions may be done either by key ID or by stating that the access permission is for all of the keys created by the delegating ACR.

[0165] Blocking and Unblocking of ACRs

[0166] An ACR may have a blocking counter, which increments when the entity's ACR authentication process with the system is unsuccessful. When a certain maximum number (MAX) of unsuccessful authentications is reached, the SSA system will block the ACR.

[0167] A blocked ACR can be unblocked by another ACR that is referenced by the blocked ACR. The reference to the unblocking ACR is set by its creator. The unblocking ACR is preferably in the same AGP as the creator of the blocked ACR and has the "unblocking" permission.

[0168] No other ACR in the system can unblock the blocked ACR. An ACR may be configured with a blocking counter but without an unblocker ACR. In this case, if this ACR gets blocked, it cannot be unblocked.
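The blocking counter and unblocker reference of [0166] to [0168], modelled for a password-type ACR. This is an added illustration, not code from the patent; all names are hypothetical, the PBKDF2 verifier is a choice made for the example, and the model assumes that unblocking clears the counter (the text does not say whether a successful login resets it, so the counter is left unchanged on success).

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Optional


class Blocked(Exception):
    """Login attempted on a blocked ACR."""


class UnblockDenied(Exception):
    """Requester is not allowed to unblock the target ACR."""


@dataclass(eq=False)
class ACR:
    acr_id: str
    agp: str
    creator_agp: str                    # AGP of the ACR that created this one
    salt: bytes
    verifier: bytes
    max_failures: Optional[int] = None  # None: no blocking counter configured
    unblocker_id: Optional[str] = None  # reference set by the creator
    can_unblock: bool = False           # the "unblocking" permission
    failures: int = 0
    blocked: bool = False


def _derive(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)


def make_acr(acr_id, agp, creator_agp, password, **options):
    salt = os.urandom(16)
    return ACR(acr_id, agp, creator_agp, salt, _derive(password, salt), **options)


def login(acr, password):
    """Password login; counts failures and blocks the ACR at MAX."""
    if acr.blocked:
        raise Blocked(acr.acr_id)
    ok = hmac.compare_digest(_derive(password, acr.salt), acr.verifier)
    if not ok and acr.max_failures is not None:
        acr.failures += 1
        if acr.failures >= acr.max_failures:
            acr.blocked = True
    return ok


def unblock(requester, target):
    """requester is assumed to hold an authenticated session already."""
    if not target.blocked:
        return False
    if target.unblocker_id is None:
        raise UnblockDenied("no unblocker configured: the block is permanent")
    if requester.acr_id != target.unblocker_id:
        raise UnblockDenied("requester is not the referenced unblocker")
    if not requester.can_unblock:
        raise UnblockDenied("requester lacks the unblocking permission")
    if requester.agp != target.creator_agp:
        raise UnblockDenied("unblocker is outside the creator's AGP")
    target.blocked = False
    target.failures = 0  # assumption: unblocking clears the counter
    return True


def demo():
    """Constructed accounts: 'user' has an unblocker, 'kiosk' has none."""
    helpdesk = make_acr("helpdesk", "AGP-A", "AGP-A", "hd-secret", can_unblock=True)
    user = make_acr("user", "AGP-A", "AGP-A", "correct horse",
                    max_failures=3, unblocker_id="helpdesk")
    kiosk = make_acr("kiosk", "AGP-A", "AGP-A", "1234", max_failures=2)
    for acr in (user, kiosk):
        while not acr.blocked:
            login(acr, "guess")
    outcome = {"user_unblocked": unblock(helpdesk, user)}
    try:
        unblock(helpdesk, kiosk)
    except UnblockDenied as err:
        outcome["kiosk"] = str(err)
    return outcome
```

An ACR configured with MAX but no unblocker reference is a permanent lockout once the counter trips, so the unblocker should be decided when the ACR is created.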

[0169] Root AGP - Creating an Application Database

[0170] The SSA system is designed to handle multiple applications and to isolate the data of each one of them. The tree structure of the AGP system is the main tool used to identify and isolate application-specific data. The root AGP is at the tip of an application's SSA database tree and adheres to somewhat different behavior rules. Several root AGPs can be configured in the SSA system. Two root AGPs 130 and 132 are shown in FIG. 6. Obviously, fewer or more AGPs may be used, and this is within the scope of the invention.

[0171] Registering the device (e.g., flash card) for a new application, and/or issuing credentials of a new application for the device, is done through the process of adding a new AGP/ACR tree to the device.

[0172] The SSA system supports three different modes of root AGP creation (as well as creation of all of the ACRs of the root AGP and their permissions):

[0173] 1. Open: Any user or entity, without requiring any sort of authentication, or users/entities authenticated through the system ACR (explained below), can create a new root AGP. The open mode enables creation of root AGPs either without any security measures, with all data transfer done on an open channel (i.e., in the secure environment of an issuance agency), or through a secure channel established by system ACR authentication (i.e., over the air (OTA) and post-issuance procedures).

[0174] If the system ACR is not configured (it is an optional feature) and the root AGP creation mode is set to Open, only the open channel option is available.

[0175] 2. Controlled: Only entities authenticated through the system ACR can create a new root AGP. The SSA system cannot be set to this mode if the system ACR is not configured.

[0176] 3. Locked: Creation of root AGPs is disabled, and no additional root AGPs can be added to the system.

[0177] Two SSA commands control this feature (these commands are available to any user/entity without authentication):

[0178] 1. Method configuration command - used to configure the SSA system to use any one of the three root AGP creation modes. Only the following mode changes are allowed: Open -> Controlled, Controlled -> Locked (i.e., if the SSA system is currently configured as Controlled, it can only be changed to Locked).

[0179] 2. Method configuration lock command - used to disable the method configuration command and permanently lock the currently selected method.
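The three creation modes and the two configuration commands of [0172] to [0179] form a one-way state machine, modelled here as an added illustration (not code from the patent; the class, method and AGP names are hypothetical, the command script is constructed, and starting in Open mode is an assumption of the example).

```python
from enum import Enum


class Mode(Enum):
    OPEN = "open"
    CONTROLLED = "controlled"
    LOCKED = "locked"


# The only mode changes that [0178] allows.
ALLOWED_CHANGES = {(Mode.OPEN, Mode.CONTROLLED), (Mode.CONTROLLED, Mode.LOCKED)}


class Rejected(Exception):
    """The device refuses the command."""


class RootAgpPolicy:
    def __init__(self, system_acr_configured, mode=Mode.OPEN):
        # Assumption of this example: a fresh device starts in Open mode.
        self.system_acr_configured = system_acr_configured
        self.mode = mode
        self.config_locked = False
        self.root_agps = []

    def configure(self, new_mode):
        """Method configuration command (usable without authentication)."""
        if self.config_locked:
            raise Rejected("method configuration command is disabled")
        if (self.mode, new_mode) not in ALLOWED_CHANGES:
            raise Rejected(f"{self.mode.value} -> {new_mode.value} is not allowed")
        if new_mode is Mode.CONTROLLED and not self.system_acr_configured:
            raise Rejected("controlled mode needs a configured system ACR")
        self.mode = new_mode

    def lock_configuration(self):
        """Method configuration lock command: permanent."""
        self.config_locked = True

    def create_root_agp(self, name, via_system_acr=False):
        if via_system_acr and not self.system_acr_configured:
            raise Rejected("no system ACR to authenticate through")
        if self.mode is Mode.LOCKED:
            raise Rejected("root AGP creation is disabled")
        if self.mode is Mode.CONTROLLED and not via_system_acr:
            raise Rejected("controlled mode requires system ACR authentication")
        if name in self.root_agps:  # AGP names are unique ([0123])
            raise Rejected(f"AGP name {name!r} already exists")
        self.root_agps.append(name)


def replay(policy, commands):
    """Apply (method, args) pairs in order; return 'ok' or the refusal text."""
    results = []
    for method, args in commands:
        try:
            getattr(policy, method)(*args)
            results.append("ok")
        except Rejected as err:
            results.append(str(err))
    return results


# Constructed provisioning script for a device that has a system ACR.
PROVISIONING = [
    ("create_root_agp", ("photos",)),      # open mode, no authentication
    ("configure", (Mode.LOCKED,)),         # skips Controlled: refused
    ("configure", (Mode.CONTROLLED,)),
    ("create_root_agp", ("songs",)),       # unauthenticated: refused
    ("create_root_agp", ("songs", True)),  # through the system ACR
    ("lock_configuration", ()),
    ("configure", (Mode.LOCKED,)),         # command disabled: refused
]

if __name__ == "__main__":
    for line in replay(RootAgpPolicy(system_acr_configured=True), PROVISIONING):
        print(line)
```

Because both configuration commands are unauthenticated, the order in which a provisioning flow issues them decides the device's final state: locking the configuration while still in Controlled mode freezes the device there.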

[0180] When a root AGP is created, it is in a special initialization mode that enables the creation and configuration of its ACRs (using the same access restrictions that applied to the creation of the root AGP). At the end of the root AGP configuration process, when the entity explicitly switches it to operating mode, the existing ACRs can no longer be updated and additional ACRs can no longer be created.

[0181] Once a root AGP is put in standard mode, it can be deleted only by logging into the system through one of its ACRs that has been assigned the permission to delete the root AGP. This is another exception of the root AGP, in addition to the special initialization mode; it is preferably the only AGP that may contain an ACR with the permission to delete its own AGP, as opposed to AGPs in the next tree level.

[0182] The third and last difference between a root ACR and a standard ACR is that it is the only ACR in the system that can have the permission to create and delete partitions.

[0183] SSA System ACR

[0184] The system ACR may be used for the following two SSA operations:

[0185] 1. Create an ACR/AGP tree under the protection of a secured channel within hostile environments.

[0186] 2. Identify and authenticate the device hosting the SSA system.

[0187] There may preferably be only one system ACR in the SSA, and once defined it preferably cannot be changed. There is no need for system authentication when creating the system ACR; only an SSA command is needed. The create-system-ACR feature can be disabled (similarly to the create-root-AGP feature). After the system ACR is created, the create-system-ACR command has no effect, since preferably only one system ACR is allowed.

[0188] While it is in the process of being created, the system ACR is not operational. Upon finishing, a special command needs to be issued indicating that the system ACR has been created and is ready to go. After this point, the system ACR preferably cannot be updated or replaced.

[0189] The system ACR creates the root ACR/AGP in the SSA. It has permission to add to or change the root level until such time as the host is satisfied with it and blocks it. Blocking the root AGP essentially cuts off its connection to the system ACR and renders it tamper-proof. At this point, no one can change or edit the root AGP and the ACRs within it. This is done through an SSA command. Disabling creation of root AGPs has a permanent effect and cannot be reversed. The above features involving the system ACR are illustrated in FIG. 7. The system ACR is used to create three different root AGPs. At a certain time after these are created, the SSA command is sent from the host to block the root AGPs from the system ACR, thereby disabling the create-root-AGP feature, as indicated by the dotted lines connecting the system ACR to the root AGPs in FIG. 7. This renders the three root AGPs tamper-proof. The three root AGPs may be used to create child AGPs to form three separate trees, before or after the root AGPs are blocked.

[0190] The above-described features give the content owner greater flexibility in configuring secure products with content. Secure products need to be "issued". Issuance is the process of putting in place identification keys by which the device can identify the host and vice versa. Identifying the device (e.g., flash card) enables the host to decide whether it can trust the device with its secrets. On the other hand, identifying the host enables the device to enforce security policies (grant and execute a specific host command) only if the host is allowed to.

[0191] Products that are designed to serve multiple applications will have several identification keys. The product can be "pre-issued" (keys stored during manufacturing before shipping) or "post-issued" (new keys added after shipping). For post-issuance, the memory device (e.g., memory card) needs to contain some kind of master or device-level key that can be used to identify entities that are allowed to add applications to the device.

[0192] The above-described features enable a product to be configured to enable or disable post-issuance. In addition, the post-issuance configuration can be done securely after shipping. The device may be bought as a retail product with no keys on it other than the master or device-level keys described above, and then be configured by the new owner either to enable further post-issuance applications or to disable them.

[0193] Thus, the system ACR feature provides the capability to accomplish the above objectives:

[0194] - Memory devices with no system ACR will allow unlimited and uncontrolled addition of applications.

[0195] - Memory devices without a system ACR can be configured to disable system ACR creation, which means there is no way to control the addition of new applications (unless the feature of creating new root AGPs is disabled as well).

[0196] - Memory devices with a system ACR will allow only controlled addition of applications, via a secure channel established through an authentication procedure using the system ACR credential.

[0197] - Memory devices with a system ACR may be configured to disable the application-adding feature, before or after applications have been added.

[0198] Key ID List

[0199] Key IDs are created per specific ACR request; however, in the memory system 10, they are used solely by the SSA system. When a key ID is created, the following data is provided by or to the creating ACR:

[0200] 1. Key ID. The ID is provided by the entity through the host and is used to reference the key, and the data encrypted or decrypted using the key, in all further read or write accesses.

[0201] 2. Key cipher and data integrity mode (the Block, Chained and Hashed modes described above and as explained below).

[0202] In addition to the host-provided attributes, the following data is maintained by the SSA system:

[0203] 1. Key ID owner. The ID of the ACR that is the owner. When a key ID is created, the creator ACR is its owner. Key ID ownership may, however, be transferred to another ACR. Preferably, only the key ID owner is allowed to transfer ownership of, and delegate, a key ID. Delegating access permission to the associated key, and revoking these rights, can be administered either by the key ID owner or by any other ACR that has been assigned delegation permissions. Whenever an attempt is made to exercise any one of these operations, the SSA system will grant it only if the requesting ACR is authorized.

[0204] 2. CEK. This is the CEK whose key value is used to cipher the content associated with or pointed to by the key ID. The key value may be a 128-bit AES random key generated by the SSA system.

[0205] 3. MAC and IV values. Dynamic information (message authentication codes and initiation vectors) used in the chained block cipher (CBC) encryption algorithms.

[0206] The various features of the SSA are also illustrated with reference to the flow charts of FIGS. 8A-16, where "H" to the left of a step means the operation is performed by the host, and "C" means the operation is performed by the card. While these SSA features are illustrated with reference to memory cards, it will be understood that they also apply to memory devices in other physical forms. In order to create a system ACR, the host issues to the SSA in the memory device 10 a command to create the system ACR (block 202). The device 10 responds by checking whether a system ACR already exists (block 204, diamond 206). If it already exists, device 10 returns failure and stops (oval 208). If it does not, memory 10 checks whether system ACR creation is allowed (diamond 210), and returns a failure status if it is not allowed (block 212). Thus, there may be instances where the device issuer does not allow the creation of a system ACR, such as where the security features needed have been predetermined so that no system ACR is needed. If system ACR creation is allowed, the device 10 returns OK status and waits for system ACR credentials from the host (block 214). The host checks the SSA status and whether the device 10 has indicated that the creation of a system ACR is allowed (block 216 and diamond 218). If creation is not allowed or if a system ACR already exists, the host stops (oval 220). If the device 10 has indicated that the creation of a system ACR is allowed, the host issues an SSA command to define its login credential and sends it to the device 10 (block 222). The device 10 updates the system ACR record with the credential received and returns OK status (block 224). In response to this status signal, the host issues an SSA command indicating that the system ACR is ready (block 226). The device 10 responds by locking the system ACR so that it cannot be updated or replaced (block 228). This locks in the features of the system ACR and its identity for identifying the device 10 to the host.

[0207] The procedure for creating new trees (new root AGPs and ACRs) is determined by the way these functions are configured in the device. FIG. 9 explains the procedure. Both the host 24 and the memory system 10 follow it. If adding a new root AGP is disabled altogether, new root AGPs cannot be added (diamond 246). If it is enabled but requires a system ACR, the host authenticates through the system ACR and establishes a secure channel (diamond 250, block 252) before issuing the Create Root_AGP command (block 254). If a system ACR is not required (diamond 248), the host 24 can issue the Create Root AGP command without authentication and proceed to block 254. If a system ACR does exist, the host may use it even when it is not required (not shown in the flowchart). The device (e.g., flash card) will reject any attempt to create a new root AGP if the function is disabled, and it will reject an attempt to create a new root AGP without authentication if a system ACR is required (diamonds 246 and 250). The newly created AGP and ACR in block 254 are now switched to operational mode, so that the ACRs in such AGPs cannot be updated or otherwise changed, and no ACRs can be added to them (block 256). The system is then optionally locked so that additional root AGPs cannot be created (block 258). The dashed box 258 is a convention indicating that this step is optional. All dashed boxes in the flowcharts of the figures of this specification are optional steps. This allows the content owner to block the use of device 10 for other illicit purposes that may imitate a genuine memory device with legitimate content.

[0208] To create ACRs (other than the ACRs in the root AGP described above), one may start with any ACR that has the right to create an ACR (block 270), as shown in FIG. 10. An entity may attempt to enter through the host 24 by providing the entry point ACR identity and the ACR, with all the necessary attributes, that it wishes to create (block 272). The SSA checks for a match to the ACR identity and whether the ACR with that identity has the permission to create an ACR (diamond 274). If the request is verified to be authorized, the SSA in device 10 creates the ACR (block 276).

[0209] FIG. 11 shows two AGPs that illustrate a tree useful in security applications using the method of FIG. 10. Thus, the ACR with identity m1 in the marketing AGP has the permission to create an ACR. ACR m1 also has the permission to use a key for reading and writing data associated with the key ID "Marketing Information" and data associated with the key ID "Price List". Using the method of FIG. 10, it creates the Sales AGP with two ACRs, s1 and s2, which have only read permission to the key for accessing pricing data associated with the key ID "Price List", and no read permission to the key necessary for accessing data associated with the key ID "Marketing Information". In this manner, the entities with ACRs s1 and s2 can only read, not change, the pricing data, and will have no access to marketing data. ACR m2, on the other hand, has no permission to create ACRs, and has only read permission to the keys for accessing data associated with the key ID "Price List" and with the key ID "Marketing Information".

[0210] Thus, access rights may be delegated in the manner explained above, where m1 delegates the right to read pricing data to s1 and s2. This is particularly useful where large marketing and sales groups are involved. Where there are only one or a few sales people, there may be no need to use the method of FIG. 10. In fact, access rights may be delegated by an ACR to an ACR at a lower or the same level within the same AGP, as illustrated in FIG. 12. First, the entity enters the tree for such an AGP by specifying an ACR in the tree through the host in the manner described above (block 280). Next, the host specifies the ACR and the rights to delegate to. The SSA checks the tree for such an ACR and whether the ACR has the permission to delegate rights to the specified other ACR (diamond 282). If it does, the rights are delegated (block 284); if not, it stops. The result is illustrated in FIG. 13. ACR m1 in this case has the permission to delegate read permission to ACR s1, so that s1 will be able to use a key to access pricing data after the delegation. This may be performed if m1 has the same or greater rights to access pricing data and the permission to so delegate. In one embodiment, m1 retains its access rights after the delegation. Preferably, access rights may be delegated under restricted conditions (rather than permanently), such as for a limited time or a limited number of accesses.

[0211] The process for creating a key and key ID is illustrated in FIG. 14. The entity authenticates through an ACR (block 302). The entity requests the creation of a key with an ID specified by the host (block 304). The SSA checks whether the specified ACR has the permission to do so (diamond 306). For example, if the key is to be used for accessing data in a particular partition, the SSA checks whether the ACR may access that partition. If the ACR is authorized, the memory device 10 creates a key value associated with the key ID provided by the host (block 308), stores the key ID in the ACR and the key value in its memory (either the controller-associated memory or memory 20), assigns rights and permissions according to information supplied by the entity (block 310), and modifies the PCR of such ACR with the assigned rights and permissions (block 312). Thus, the creator of the key has all available rights, such as read and write permissions, the right to delegate and share with other ACRs in the same AGP or with an ACR at a lower level, and the right to transfer ownership of the key.

[0212] An ACR can change the permissions (or the existence altogether) of another ACR in the SSA system, as illustrated in FIG. 15. An entity may enter a tree through an ACR as before; in one case the entity is authenticated and then specifies an ACR (blocks 330, 332). It requests the deletion of a target ACR or of a permission in a target ACR (block 334). If the ACR specified, or the one active at that time, has the right to do so (diamond 336), the target ACR is deleted, or the PCR of the target ACR is altered to delete the permission (block 338). If this is not authorized, the system stops.

[0213] After the above process, the target will no longer be able to access the data it could access before the process. As shown in FIG. 16, an entity may attempt to enter at the target ACR (block 350) and find that the authentication process fails, since the previously existing ACR ID is no longer present in the SSA, so that access is denied (diamond 352). Assuming that the ACR ID has not been deleted, the entity specifies an ACR (block 354) and the key ID and/or data in a particular partition (block 356), and the SSA then checks whether the key ID or partition access request is permitted according to the PCR of such ACR (diamond 358). If the permission has been deleted or has expired, the request is again denied. Otherwise, the request is granted (block 360).

[0214] The above process describes how access to protected data is managed by the device (e.g., flash card), regardless of whether the ACR and its PCR were just changed by another ACR or were so configured to begin with.
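The checks of FIGS. 10-16 can be traced with a small model. This is an added example, not code from the patent: the `SSA` class, its method names, the rule that only the creating ACR may revoke, the rule that a creator cannot grant rights it lacks, and the extra ACR `s3` used in the test are all assumptions; AGP levels and time-limited delegation are not modelled.

```python
from dataclasses import dataclass, field

READ, WRITE, DELEGATE = "read", "write", "delegate"

@dataclass
class ACR:
    name: str
    agp: str
    can_create_acr: bool = False
    pcr: dict = field(default_factory=dict)  # PCR: key ID -> set of rights
    created_by: str = ""

class SSA:
    """Hypothetical in-memory model of the device-side checks in FIGS. 10-16."""

    def __init__(self):
        self.acrs = {}

    def provision(self, acr):
        """Install an ACR directly (stands in for root AGP creation)."""
        self.acrs[acr.name] = acr

    @staticmethod
    def _holds(acr, key_id, rights):
        return set(rights) <= acr.pcr.get(key_id, set())

    def create_acr(self, entry, new):
        """FIG. 10: the entry-point ACR must exist and may create ACRs (diamond 274)."""
        creator = self.acrs.get(entry)
        if creator is None or not creator.can_create_acr or new.name in self.acrs:
            return False
        # Assumption: a creator cannot hand out rights it does not hold itself.
        if any(not self._holds(creator, k, r) for k, r in new.pcr.items()):
            return False
        new.created_by = entry
        self.acrs[new.name] = new
        return True

    def delegate(self, entry, target, key_id, rights):
        """FIG. 12: the delegator needs the rights plus the permission to delegate."""
        src, dst = self.acrs.get(entry), self.acrs.get(target)
        if src is None or dst is None:
            return False
        if not self._holds(src, key_id, set(rights) | {DELEGATE}):
            return False
        dst.pcr.setdefault(key_id, set()).update(rights)
        return True  # the delegator keeps its own rights

    def revoke(self, entry, target, key_id=None):
        """FIG. 15: delete one permission, or the whole target ACR."""
        dst = self.acrs.get(target)
        # Assumption: only the ACR that created the target has this right.
        if entry not in self.acrs or dst is None or dst.created_by != entry:
            return False
        if key_id is None:
            del self.acrs[target]
        else:
            dst.pcr.pop(key_id, None)
        return True

    def access(self, entry, key_id, right):
        """FIG. 16: diamond 352 (does the ACR exist?) then diamond 358 (PCR check)."""
        acr = self.acrs.get(entry)
        if acr is None:
            return "denied: no such ACR"
        if not self._holds(acr, key_id, {right}):
            return "denied: not in PCR"
        return "granted"

def build_figure_11():
    """The tree of FIG. 11: m1 and m2 in Marketing, s1 and s2 created by m1 in Sales."""
    ssa = SSA()
    full = {READ, WRITE, DELEGATE}
    ssa.provision(ACR("m1", "Marketing", True,
                      {"Marketing Information": set(full), "Price List": set(full)}))
    ssa.provision(ACR("m2", "Marketing", False,
                      {"Marketing Information": {READ}, "Price List": {READ}}))
    for name in ("s1", "s2"):
        ssa.create_acr("m1", ACR(name, "Sales", pcr={"Price List": {READ}}))
    return ssa
```

Every denial is decided on the device from the stored PCR, so a host that skips its own checks gains nothing.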

[0215]

[0216] The SSA system is designed to handle multiple users logged in concurrently. When this feature is used, each command received by the SSA is associated with a specific entity and is executed only if the ACR used to authenticate that entity has the permissions for the requested action.

[0217] Multiple entities are supported through the session concept. A session is established during the authentication process and is assigned a session id by the SSA system. The session id is internally associated with the ACR used for logging in to the system and is exported to the entity for use in all further SSA commands.

[0218] The SSA system supports two types of sessions: open sessions and secure sessions. The session type associated with a specific authentication process is defined in the ACR. The SSA system enforces session establishment in a way similar to the way it enforces the authentication itself. Since the ACR defines the entity permissions, this mechanism enables system designers to associate secure tunneling either with accessing specific key IDs or with invoking specific ACR management operations (i.e., creating new ACRs and setting credentials).

[0219] Open Session

[0220] An open session is a session identified by a session id but without bus encryption; all commands and data are passed in the clear. This mode of operation is preferably used in a multi-user or multi-entity environment where the entities are neither part of the threat model nor eavesdropping on the bus.

[0221] Although it neither protects the transmission of the data nor enables efficient firewalling between the applications on the host side, the open session mode enables the SSA system to allow access only to the information allowed for the currently authenticated ACRs.

[0222] The open session can also be used for cases where a partition or a key needs protection. However, after a valid authentication process, access is granted to all entities on the host. The only thing the various host applications need to share in order to obtain the permissions of the authenticated ACR is the session id. This is illustrated in FIG. 17A. The steps above line 400 are those taken by the host 24. After an entity is authenticated (block 402) for ACR 1, it requests access to a file associated with a key ID X in the memory device 10 (blocks 404, 406 and 408). If the PCR of ACR 1 allows such access, device 10 grants the request (diamond 410). If not, the system returns to block 402. After authentication is completed, the memory system 10 identifies the entity issuing a command only by the assigned session id (and not by the ACR credentials). In an open session, once ACR 1 gains access to the data associated with the key IDs in its PCR, any other application or user can access the same data by specifying the correct session id, which is shared between the different applications on the host 24. This feature is advantageous in applications where it is more convenient for the user to log in only once and then be able to access all the data tied to the account through which the login is performed for different applications. Thus, a cellular phone user may be able to access stored emails and listen to music stored in memory 20 without having to log in multiple times. On the other hand, data not encompassed by ACR 1 will not be accessible. Thus, the same cellular phone user may have valuable content, such as games and photographs, accessible through a separate account, ACR 2. This is data that the user does not wish others who borrow the phone to access, even though the user may not mind others accessing data available through the first account, ACR 1. Separating access to the data into two separate accounts, while allowing access to ACR 1 in an open session, provides ease of use as well as protection of valuable data.

[0223] To further ease the process of sharing the session id among the host applications, when an ACR requests an open session it can specifically request that the session be assigned the id "0" (zero). This way, applications can be designed to use a pre-defined session id. For obvious reasons, the only restriction is that only one ACR requesting session 0 can be authenticated at a specific time. An attempt to authenticate another ACR requesting session 0 will be rejected.

[0224] Secure Session

[0225] To add a layer of security, the session id may be used as shown in FIG. 17B. The memory 10 then also stores the session ids of the active sessions. In FIG. 17B, for example, in order to access a file associated with key ID X, the entity will also need to provide a session id (e.g., session id "A") before it is allowed to access the file (blocks 404, 406, 412 and 414). In this manner, unless the requesting entity knows the correct session id, it cannot access the memory 10. Since the session id is deleted after the session ends and is different for each session, an entity can gain access only when it has been able to provide the session number.

[0226] The SSA system uses the session number to track whether a command really comes from the correct authenticated entity. For applications and use cases where there is a threat that attackers will try to use an open channel to send malicious commands, the host application uses a secure session (a secure channel).

[0227] When a secure channel is used, the session id as well as the entire command is encrypted with the secure channel encryption (session) key, and the security level is as high as that of the host-side implementation.

[0228] Terminating a Session

[0229] A session is terminated, and the ACR is logged off, in any one of the following scenarios:

[0230] 1. The entity issues an explicit end-session command.

[0231] 2. Communication timeout. A specific entity issued no command for a time period defined as one of the ACR parameters.

[0232] 3. All open sessions are terminated after a reset and/or power cycle of the device (e.g., flash card).
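The open-session rules above (a shared session id, the reserved id 0, and the three ways a session ends) can be seen together in a small model. This is an added example, not code from the patent: the `SessionTable` class, the key ID names "email", "music", "games" and "photos", and the 60-second timeout are constructed for illustration, and the bus encryption of a secure session is not modelled.

```python
import secrets

class SessionTable:
    """Hypothetical model of open-session bookkeeping on the device."""

    def __init__(self, acrs):
        # acrs: ACR name -> {"keys": key IDs in its PCR, "timeout": seconds}
        self.acrs = acrs
        self.sessions = {}  # session id -> [ACR name, time of last command]

    def _expire(self, now):
        for sid, (acr, last) in list(self.sessions.items()):
            if now - last > self.acrs[acr]["timeout"]:
                del self.sessions[sid]  # communication timeout logs the ACR off

    def login(self, acr, now, want_zero=False):
        """Called once the ACR's authentication has succeeded; returns a session id."""
        if acr not in self.acrs:
            return None
        self._expire(now)
        if want_zero:
            if 0 in self.sessions:
                return None  # only one ACR may hold session 0 at a time
            sid = 0
        else:
            sid = secrets.randbelow(2**32 - 1) + 1
            while sid in self.sessions:
                sid = secrets.randbelow(2**32 - 1) + 1
        self.sessions[sid] = [acr, now]
        return sid

    def command(self, sid, key_id, now):
        """After login the caller is identified by session id only, not by credentials."""
        self._expire(now)
        entry = self.sessions.get(sid)
        if entry is None:
            return "denied: no session"
        entry[1] = now
        if key_id not in self.acrs[entry[0]]["keys"]:
            return "denied: not in PCR"
        return "granted"

    def end_session(self, sid):
        """Explicit end-session command."""
        return self.sessions.pop(sid, None) is not None

    def reset(self):
        """Device reset or power cycle terminates every session."""
        self.sessions.clear()

def phone_example():
    """The two-account phone of paragraph [0222], with constructed key IDs."""
    return SessionTable({
        "ACR 1": {"keys": {"email", "music"}, "timeout": 60},
        "ACR 2": {"keys": {"games", "photos"}, "timeout": 60},
    })
```

Any application that knows session id 0 inherits exactly the PCR of the ACR that opened it, which is why the valuable content sits behind a second ACR.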

[0233] Data Integrity Services

[0234] The SSA system verifies the integrity of the SSA database (which contains all the ACRs, PCRs, etc.). In addition, data integrity services are offered for entity data through the key ID mechanism.

[0235] If a key ID is configured with hashing as its encryption algorithm, the hash values are stored alongside the CEK and IV in the CEK record. Hash values are calculated and stored during write operations. Hash values are calculated again during read operations and compared with the values stored during the previous write operations. Every time the entity accesses the key ID, the additional data is concatenated (cryptographically) to the old data and the appropriate hash value (for read or for write) is updated.

[0236] Since only the host knows the data files associated with or pointed to by a key ID, the host explicitly manages several aspects of the data integrity function in the following ways:

[0237] 1. A data file associated with or pointed to by a key ID is written or read from beginning to end. Any attempt to access portions of the file will corrupt it, since the SSA system uses a CBC encryption method and generates a hashed message digest of the entire data.

[0238] 2. There is no need to process the data in a contiguous stream (the data stream can be interleaved with data streams of other key IDs and may be split over multiple sessions), since intermediate hash values are maintained by the SSA system. However, if the data stream is restarted, the entity will need to explicitly instruct the SSA system to reset the hash values.

[0239] 3. When a read operation is completed, the host explicitly requests the SSA system to validate the read hash by comparing it with the hash value calculated during the write operation.

[0240] 4. The SSA system also provides a "dummy read" operation. This feature streams the data through the encryption engines but does not send it out to the host. It can be used to verify data integrity before the data is actually read out from the device (e.g., flash card).
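The four host-managed rules above, sketched as an added example that is not code from the patent. SHA-256 is an assumed hash (the text names none), the CBC encryption step is left out so only the hash bookkeeping is shown, and `IntegrityEngine` and its method names are hypothetical.

```python
import hashlib
import hmac

class _Record:
    """Per-key-ID state kept by the device (stands in for the CEK record)."""
    def __init__(self):
        self.chunks = []                     # stored data, encryption omitted
        self.write_hash = hashlib.sha256()   # running hash over everything written
        self.stored = None                   # digest saved during the write
        self.read_hash = hashlib.sha256()    # intermediate hash of the current read
        self.pos = 0

class IntegrityEngine:
    def __init__(self):
        self.records = {}

    def write(self, key_id, chunk):
        """Writes to different key IDs may interleave; each keeps its own hash."""
        rec = self.records.setdefault(key_id, _Record())
        rec.chunks.append(bytes(chunk))
        rec.write_hash.update(chunk)
        rec.stored = rec.write_hash.digest()

    def reset_read(self, key_id):
        """Rule 2: the host must ask for a reset when it restarts a stream."""
        rec = self.records[key_id]
        rec.read_hash, rec.pos = hashlib.sha256(), 0

    def read(self, key_id, dummy=False):
        """Return the next chunk, or None at end of file.

        With dummy=True the data still passes through the hash but nothing
        is released to the host (rule 4)."""
        rec = self.records[key_id]
        if rec.pos >= len(rec.chunks):
            return None
        chunk = rec.chunks[rec.pos]
        rec.pos += 1
        rec.read_hash.update(chunk)
        return b"" if dummy else chunk

    def validate(self, key_id):
        """Rule 3: only a complete read can match the digest taken at write time."""
        rec = self.records[key_id]
        return rec.pos == len(rec.chunks) and hmac.compare_digest(
            rec.read_hash.digest(), rec.stored)

    def dummy_check(self, key_id):
        """Verify integrity before any data is handed to the host."""
        self.reset_read(key_id)
        while self.read(key_id, dummy=True) is not None:
            pass
        ok = self.validate(key_id)
        self.reset_read(key_id)
        return ok
```

A partial read fails validation for the same reason a corrupted chunk does: the digest covers the whole file.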

[0241] Random Number Generation

[0242] The SSA system enables external entities to make use of the internal random number generator and to request random numbers for use outside the SSA system. This service is available to any host and does not require authentication.

[0243] RSA Key Pair Generation

[0244] The SSA system enables external users to make use of the internal RSA key pair generation feature and to request a key pair for use outside the SSA system. This service is available to any host and does not require authentication.

[0245] Alternative Embodiment

[0246] Instead of using a hierarchical approach, similar results can be achieved using a database approach, as illustrated in FIG. 18.

[0247] As shown in FIG. 18, a list of credentials for entities, authentication methods, the maximum number of failed attempts, and the minimum number of credentials needed to unblock may be entered into a database stored in controller 12 or memory 20, which relates such credential requirements to the policies in the database (read and write access to keys and partitions, secure channel requirements) carried out by the controller 12 of memory 10. Also stored in the database are constraints and limitations on access to keys and partitions. Thus, some entities (e.g., a system administrator) may be on a white list, which means that these entities can access all keys and partitions. Other entities may be on a black list, and their attempts to access any information will be blocked. The limitation can be global, or specific to a key and/or partition. This means that only certain entities can access certain specific keys and partitions, and certain entities cannot. Constraints can also be placed on the content itself, regardless of the partition it is in or the key used to encrypt or decrypt it. Thus, certain data (e.g., songs) may have the attribute that it can be accessed only by the first five host devices that access it, and other data (e.g., movies) may be read only a limited number of times, regardless of which entities have access.

[0248] Authentication

[0249] Password Protection

[0250] Password protection means that a password must be presented to access the protected area. Unless it cannot be more than one password, passwords may be associated with different rights (e.g., read access or read/write access).

[0251] Password protection means that the device (e.g., flash card) is able to verify a password provided by the host, i.e., the device also has the password stored in a secured memory area managed by the device.

[0252] Issues and Limitations

[0253] Passwords are subject to replay attacks. Because the password does not change after each presentation, it can be resent identically. This means that a password as is should not be used if the data to be protected is valuable and the communication bus is easily accessible.

[0254] A password can protect access to stored data but should not be used to protect data (it is not a key).

[0255] To increase the security level associated with passwords, they can be diversified using a master key, with the result that a stolen password does not bring down the entire system. A secure communication channel based on a session key can be used to send the password.

[0256] FIG. 19 is a flowchart illustrating authentication using a password. The entity presents an account id and password to system 10 (e.g., a flash memory card). The system checks whether the password matches the one in its memory. If it matches, authenticated status is returned. Otherwise, the error counter is incremented for that account, and the entity is asked to re-enter the account id and password. If the counter overflows, the system returns the status that access is denied.

[0257] Symmetric Key

[0258] A symmetric key algorithm means that the same key is used on both sides to encrypt and decrypt. This means that the key has to be agreed upon before communicating. Also, each side should implement the reverse algorithm of the other, i.e., the encryption algorithm on one side and the decryption algorithm on the other. The two sides do not both need to implement both algorithms in order to communicate.

[0259] Authentication

[0260] Symmetric key authentication means that the device (e.g., flash card) and the host share the same key and have the same cryptographic algorithm (direct and reverse, e.g., DES and DES-1).

[0261] Symmetric key authentication means challenge-response (which protects against replay attacks). The protected device generates a challenge for the other device, and both compute the response. The authenticating device sends back the response, and the protected device checks the response and validates the authentication accordingly. The rights associated with the authentication can then be granted.

[0262] Authentication can be:

[0263] External: the device (e.g., flash card) authenticates the outside world, i.e., the device validates the credentials of a given host or application.

[0264] Mutual: a challenge is generated on both sides.

[0265] Internal: the host application authenticates the device (e.g., flash card), i.e., the host checks whether the device is genuine for its application.

[0266] To increase the security level of the entire system (i.e., so that breaking one part does not break all):

[0267] Symmetric keys are usually combined with diversification using a master key.

[0268] Mutual authentication uses challenges from both sides to ensure that the challenge is a real challenge.
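The password flow of FIG. 19 and the external challenge-response of paragraph [0261] behave differently when a captured message is resent, which the following added example shows; it is not code from the patent. HMAC-SHA256 stands in for the DES-style cipher the text mentions, deriving a per-account key as HMAC(master key, account id) is one assumed way to diversify, and the limit of three failures is an assumed counter size.

```python
import hashlib
import hmac
import secrets

MAX_FAILURES = 3  # assumed size of the error counter in FIG. 19

class Device:
    def __init__(self, master_key):
        self.master_key = master_key
        self.passwords = {}   # account id -> password bytes (secured memory area)
        self.failures = {}    # account id -> error counter
        self.pending = {}     # account id -> outstanding challenge

    def password_login(self, account_id, password):
        """FIG. 19: match, or count the error and ask again until the counter overflows."""
        if self.failures.get(account_id, 0) >= MAX_FAILURES:
            return "access denied"
        stored = self.passwords.get(account_id)
        if stored is not None and hmac.compare_digest(stored, password):
            return "authenticated"
        self.failures[account_id] = self.failures.get(account_id, 0) + 1
        if self.failures[account_id] >= MAX_FAILURES:
            return "access denied"
        return "retry"

    def diversified_key(self, account_id):
        """Per-account key derived from the master key, so one leaked key
        does not expose the others."""
        return hmac.new(self.master_key, account_id.encode(), hashlib.sha256).digest()

    def challenge(self, account_id):
        """The protected device generates a fresh random challenge."""
        c = secrets.token_bytes(16)
        self.pending[account_id] = c
        return c

    def verify_response(self, account_id, response):
        """Each challenge is accepted once, so a recorded response is useless later."""
        c = self.pending.pop(account_id, None)
        if c is None:
            return False
        expected = hmac.new(self.diversified_key(account_id), c, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)

def host_response(key, challenge):
    """Host side: compute the response from the shared key and the challenge."""
    return hmac.new(key, challenge, hashlib.sha256).digest()
```

The same password bytes authenticate every time they are presented, while a response is bound to one challenge; that difference is the replay protection the text refers to.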

[0269] Encryption

[0270] Symmetric key cryptography is also used for encryption because it is a very efficient algorithm, i.e., it does not need a powerful CPU to handle the cryptography.

[0271] When used to secure a communication channel:

[0272] Both devices have to know the session key used to secure the channel (i.e., to encrypt all outgoing data and decrypt all incoming data). This session key is usually established using a pre-shared secret symmetric key or using PKI.

[0273] Both devices have to know and implement the same cryptographic algorithms.

[0274] Signature

[0275] A symmetric key can also be used to sign data. In that case, the signature is a partial result of the encryption. Keeping the result partial allows signing as many times as needed without exposing the key value.

[0276] Issues and Limitations

[0277] Symmetric algorithms are very efficient and secure, but they are based on a pre-shared secret. The issue is to share this secret securely in a dynamic manner and possibly to make it random (like a session key). The idea is that a shared secret is hard to keep safe in the long term and is almost impossible to share with multiple people.

[0278] To facilitate this operation, public key algorithms were invented, which allow secrets to be exchanged without sharing a secret.

[0279] Asymmetric Authentication Procedure

[0280] Authentication based on asymmetric keys uses a series of data-passing commands that ultimately construct the session key for secure channel communication. The basic protocol authenticates the user to the SSA system. Protocol variations allow for mutual authentication (where the user verifies the ACR that it wishes to use) and two-factor authentication.

[0281] The asymmetric authentication protocols of the SSA preferably use Public Key Infrastructure (PKI) and RSA algorithms. As defined by these algorithms, each party in the authentication process is allowed to create its own RSA key pair. Each pair consists of a public and a private key. Since the keys are anonymous, they cannot provide proof of identity. The PKI layer calls for a trusted third party, which signs each of the public keys. The public key of the trusted party is pre-shared between the parties that will authenticate each other and is used to verify their public keys. Once trust is established (both parties determine that the public key provided by the other can be trusted), the protocol continues with authentication (verifying that each party holds the matching private key) and key exchange. This can be done through the challenge-response mechanism illustrated in FIGS. 22 and 23, described below.

[0282] The structure containing the signed public key is referred to as a certificate. The trusted party that signs the certificates is referred to as the Certificate Authority (CA). In order for a party to be authenticated, it has an RSA key pair and a certificate attesting to the authenticity of the public key. The certificate is signed by a Certificate Authority that is trusted by the other (authenticating) party. The authenticating party is expected to have in its possession the public key of its trusted CA.

[0283] The SSA allows for certificate chaining. This means that the public key of the party being identified may be signed by a different CA, one other than the CA trusted by the identifying party. In this case the party being identified provides, in addition to its own certificate, the certificate of the CA that signed its public key. If this second-level certificate is still not trusted by the other party (not signed by its trusted CA), a third-level certificate may be provided. In this certificate chaining algorithm, each party possesses the complete list of certificates needed to authenticate its public key. This is illustrated in FIGS. 23 and 24. The credentials needed for mutual authentication by this type of ACR are RSA key pairs of the selected length.

[0284] SSA Certificates

[0285] The SSA uses [X.509] version 3 digital certificates. [X.509] is a general-purpose standard; the SSA certificate profile described here further specifies and restricts the contents of the certificate's defined fields. The certificate profile also defines the trust hierarchy defined for managing certificate chains, the validation of SSA certificates, and the certificate revocation list (CRL) profile.

[0286] A certificate is considered public information (as is the public key inside it) and is therefore not encrypted. However, it contains an RSA signature that verifies that the public key and all other information fields have not been tampered with.

[0287] [X.509] defines each field as formatted using the ASN.1 standard, which in turn uses the DER format for data encoding.

[0288] SSA Certificate Overview

[0289] One embodiment of the SSA certificate management architecture, depicted in Figures 20 and 21, consists of an unlimited number of hierarchy levels for the host and up to three hierarchy levels for the device, although more or fewer than three levels may be used for the device.

[0290] Host Certificate Hierarchy

[0291] The device authenticates a host based on two factors: the root CA certificate stored in the device (as an ACR credential, stored when the ACR is created), and the certificate or certificate chain supplied by the entity attempting to access the device (for that particular ACR).

[0292] For each ACR, the host certificate authority serves as the root CA (this is the certificate residing in the ACR credentials). For example, for one ACR the root CA may be the "Host 1 CA (Level 2) certificate", and for another ACR it may be the "Host Root CA certificate". For each ACR, every entity that holds a certificate signed by the root CA (or a certificate chain connecting the root CA to the end-entity certificate) can log in to that ACR, provided it has the corresponding private key for the end-entity certificate. As mentioned above, certificates are public knowledge and are not kept secret.

[0293] The fact that all holders of certificates issued by the root CA (and of the corresponding private keys) can log in to the ACR means that authentication to a particular ACR is determined by the issuer of the root CA stored in the ACR credentials. In other words, the issuer of the root CA can be the entity that manages the ACR's authentication scheme.

[0294] Host Root Certificate

[0295] The root certificate is the trusted CA certificate that the SSA uses to begin verifying the public key of the entity attempting to log in (the host). This certificate is provided when the ACR is created, as part of the ACR credentials. It is the root of trust of the PKI system, and it is therefore assumed to be provided by a trusted entity (the parent ACR or a trusted manufacturing/configuration environment). The SSA verifies this certificate by using its public key to check the certificate signature. The host root certificate is stored encrypted in non-volatile memory (not shown in Figure 1), where the device's secret key is preferably accessible only by the CPU 12 of Figure 1 of system 10.

[0296] Host Certificate Chains

[0297] These are the certificates provided to the SSA during authentication. Once processing of the chain is complete, no recollection of the host certificate chain should be stored in the device.

[0298] Figure 20 is a schematic diagram of host certificate hierarchy levels, illustrating several different host certificate chains. As illustrated in Figure 20, a host certificate may have many different certificate chains, of which only three are illustrated:

[0299] A1. Host Root CA certificate 502, Host 1 CA (Level 2) certificate 504 and Host certificate 506;

[0300] B1. Host Root CA certificate 502, Host n CA (Level 2) certificate 508, Host 1 CA (Level 3) certificate 510 and Host certificate 512;

[0301] C1. Host Root CA certificate 502, Host n CA (Level 2) certificate 508 and Host certificate 514.

[0302] The three certificate chains A1, B1 and C1 above illustrate three possible host certificate chains that can be used to prove that the host's public key is genuine. Referring to certificate chain A1 above and to Figure 20, the public key in the Host 1 CA (Level 2) certificate 504 is signed by the private key of the Host Root CA (that is, by encrypting a digest of the public key), whose public key is in the Host Root CA certificate 502. The host public key in the Host certificate 506 is in turn signed by the private key of the Host 1 CA (Level 2), whose public key is provided in the Host 1 CA (Level 2) certificate 504. An entity that has the public key of the Host Root CA will therefore be able to verify the authenticity of certificate chain A1 above. As a first step, the entity uses the Host Root CA public key in its possession to decrypt the signed public key in the Host 1 CA (Level 2) certificate 504 sent to it by the host, and compares the decrypted signed public key with the digest of the unsigned public key in the Host 1 CA (Level 2) certificate 504 sent by the host. If the two match, the public key of the Host 1 CA (Level 2) is authenticated, and the entity will then use the authenticated public key of the Host 1 CA (Level 2) to decrypt the host's public key, signed by the private key of the Host 1 CA (Level 2), in the Host certificate 506 sent by the host. If this decrypted signed value matches that of the digest of the public key in the Host certificate 506 sent by the host, the host's public key is then also authenticated. Certificate chains B1 and C1 can be used for authentication in a similar manner.

[0303] As will be noted from the process above involving chain A1, the first public key from the host that needs to be verified by the entity is the one in the Host 1 CA (Level 2) certificate, not the one in the Host Root CA certificate. Therefore, all that the host needs to send to the entity is the Host 1 CA (Level 2) certificate 504 and the Host certificate 506, so that the Host 1 CA (Level 2) certificate will be the first certificate in the chain that needs to be sent. As explained above, the certificate verification sequence is as follows. The verifying entity (in this case memory device 10) first verifies the authenticity of the public key in the first certificate in the chain (in this case certificate 504 of the CA below the root CA). After the public key in this certificate has been verified as genuine, device 10 then proceeds to verify the next certificate (in this case Host certificate 506). By the same token, a similar verification sequence can be applied where the certificate chain contains more than two certificates, beginning with the certificate immediately below the root certificate and ending with the certificate of the entity to be authenticated.

[0304] Device Certificate Hierarchy

[0305] The host authenticates the device based on two factors: the device root CA stored in the host, and the certificate or certificate chain supplied by the device to the host (which is supplied to the device as a credential when the ACR is created). The process by which the host authenticates the device is similar to the process, described above, by which the device authenticates the host.

[0306] Device Certificate Chains

[0307] These are the certificates of the ACR's key pair. They are provided to the card when the ACR is created. The SSA stores these certificates individually and will provide them to the host one by one during authentication. The SSA uses these certificates to authenticate to the host. The device is able to handle a chain of 3 certificates, although a number of certificates other than 3 can be used. The number of certificates may vary from ACR to ACR. It is determined when the ACR is created. The device is able to send the certificate chain to the host; however, it does not need to parse the certificates, because it does not use the certificate chain data.

[0308] Figure 21 is a schematic diagram of device certificate hierarchy levels, illustrating 1 to n different certificate chains for devices that use the SSA (for example, storage devices). The n different certificate chains illustrated in Figure 21 are as follows:

[0309] A2. Device Root CA certificate 520, Device 1 CA (Manufacturer) certificate 522 and Device certificate 524;

[0310] B2. Device Root CA certificate 520, Device n CA (Manufacturer) certificate 526 and Device certificate 528.

[0311] SSA devices may be manufactured by 1 to n different manufacturers, each having its own device CA certificate. Therefore, the public key in the device certificate for a particular device is signed by the private key of its manufacturer, and the manufacturer's public key is in turn signed by the private key of the device root CA. The device's public key is verified in a manner similar to that described above for the host's public key. As with the verification of chain A1 described above for the host, the Device Root CA certificate does not need to be sent; the first certificate in the chain that needs to be sent is the Device i CA (Manufacturer) certificate, followed by the Device certificate, where i is an integer from 1 to n.

[0312] In the embodiment illustrated in Figure 21, the device will present two certificates: the Device i CA (Manufacturer) certificate, followed by its own Device certificate. The Device i CA (Manufacturer) certificate is the certificate of the manufacturer that made this device, and that manufacturer is the one that provides the private key to sign the device's public key. When the host receives the Device i CA (Manufacturer) certificate, it uses the public key of the root CA in its possession to decrypt and verify the Device i CA (Manufacturer) public key. If this verification fails, the host aborts the process and notifies the device that authentication has failed. If the verification succeeds, the host then sends a request for the next certificate to the device. The device then sends its own Device certificate to be verified by the host in a similar manner.

[0313] The verification process described above is also illustrated in more detail in Figures 22 and 23. In Figure 22, the "SSM system" is a software module that implements the SSA system described herein as well as other functions described below. The SSA may be implemented as software or computer code having a database stored in memory 20 or in non-volatile memory (not shown) in CPU 12, and is read into RAM 12a and executed by CPU 12.

[0314] As shown in Figure 22, there are three phases in the process by which the SSM system 542 in device 10 authenticates the host system 540. In the first, public key verification, phase, the host system 540 sends the host certificate chain to the SSM system 542 in an SSM command. The SSM system 542 verifies (block 552) the authenticity of the host certificate 544 and the host public key 546 using the root certificate authority public key in the host root certificate 548 located in ACR 550. Where an intermediate certificate authority between the root certificate authority and the host is involved, the intermediate certificate 549 is also used in the verification in block 552. Assuming the verification or process (block 552) succeeds, the SSM system 542 then proceeds to the second phase.

[0315] The SSM system 542 generates a random number 554 and sends it to the host system 540 as a challenge. System 540 signs the random number 554 using the host system's private key 547 (block 556) and sends the signed random number as the response to the challenge. The response is decrypted using the host public key 546 (block 558) and compared with the random number 554 (block 560). Assuming the decrypted response matches the random number 554, the challenge response is successful.

[0316] In the third phase, a random number 562 is encrypted using the host public key 546. This random number 562 is then the session key. The host system 540 can obtain the session key by using its private key to decrypt (block 564) the encrypted random number 562 from the SSM system 542. With this session key, secure communication between the host system 540 and the SSM system 542 can then begin. Figure 22 illustrates one-way asymmetric authentication in which the host system 540 is authenticated by the SSM system 542 in device 10. Figure 23 is a protocol diagram illustrating a two-way mutual authentication process similar to the one-way authentication protocol of Figure 22, in which the SSM system 542 in Figure 23 is also authenticated by the host system 540.

[0317] Figure 24 is a diagram of a certificate chain 590 used to illustrate one embodiment of the invention. As noted above, the certificate chain that needs to be presented for verification may contain a number of certificates. Thus, the certificate chain of Figure 24 contains a total of nine (9) certificates, all of which may need to be verified for authentication. As explained in the Background section above, in existing systems for certificate verification either an incomplete certificate chain is sent or, where the complete certificates are sent, they are not sent in any particular order, so that the recipient cannot analyze the certificates until the entire group of certificates has been received and stored. Because the number of certificates in the chain is not known in advance, this can cause a problem. A large amount of storage space may need to be reserved for storing a certificate chain of indeterminate length. This can be a problem for a storage device performing the verification.

[0318] One embodiment of the invention is based on the recognition that this problem can be alleviated by a system in which the host device sends its certificate chain in the same order in which the chain will be verified by the storage device. Thus, as shown in Figure 24, the certificate chain 590 begins with certificate 590(1), which is the certificate immediately below the host root certificate, and ends with certificate 590(9), which is the host certificate. Device 10 will therefore first verify the public key in certificate 590(1), then the public key in certificate 590(2), and so on, until the host public key in certificate 590(9) has been verified. This completes the verification of the entire certificate chain 590. Thus, if the host device sends the certificate chain 590 to the memory device 10 in the same order or sequence in which the chain will be verified, the memory device 10 can begin verifying each certificate as it is received, without having to wait until all 9 certificates in chain 590 have been received.

[0319] Thus, in one embodiment, the host device sends the certificates in chain 590 to the memory device 10 one at a time. The memory device 10 then has to store only a single certificate at a time. After a certificate has been verified, it can be overwritten by the next certificate sent by the host (except for the last certificate in the chain). In this way, the memory device 10 needs to reserve space for storing only a single certificate at any time.

[0320] The memory device will need to know when the entire chain 590 has been received. Therefore, preferably, the last certificate 590(9) contains an indicator or indication that it is the last certificate in the chain. This feature is illustrated in Figure 25, which is a table showing the information in the control sector, preceding the certificate buffer, that is sent by the host to the memory device 10. As shown in Figure 25, the control sector of certificate 590(9) contains the argument name "'is final' flag". The memory device 10 can then verify that certificate 590(9) is the last certificate in the chain by checking whether the "is final" flag is set, to determine whether the received certificate is the last certificate in the chain.

[0321] In an alternative embodiment, the certificates in chain 590 may be sent not one by one but in groups of one, two or three certificates. Obviously, groups with other numbers of certificates, or with the same number of certificates in each group, can be used. Thus, chain 590 contains five (5) contiguous strings of certificates 591, 593, 595, 597 and 599. Each of the strings contains at least one certificate. A contiguous string of certificates is a string that contains the certificate next to the string preceding the string in question in the chain (the beginning certificate), the certificate next to the string following that string in the chain (the ending certificate), and all certificates between the beginning certificate and the ending certificate. For example, string 593 contains all three certificates 590(2), 590(3) and 590(4). The five certificate strings are verified by the memory device 10 in the following sequence: 591, 593, 595, 597, ending with 599. Therefore, if the five strings are sent and received in the same sequence as the verification performed by the memory device 10, the memory device will not need to store any of the strings after it has been verified, and all strings except the last can be overwritten by the next string arriving from the host. As in the previous embodiment, the last certificate in the chain needs to contain an indicator (for example, a flag) set to a particular value to indicate that it is the last certificate in the chain. In this embodiment, the memory device will only need to reserve enough space to store the largest number of certificates in the five strings. Thus, if the host first notifies the memory device 10 of the longest string it intends to send, the memory device 10 will only need to reserve enough space for the longest string.

[0322] Preferably, the length of each certificate in the chain sent by the host is no more than four times the length of the public key certified by the certificate. Similarly, the length of a certificate sent by the memory device 10 to the host device to certify the memory device's public key is preferably no more than four times the length of the public key certified by the certificate.

[0323] The embodiment described above for verifying a certificate chain is illustrated in the flowchart of Figure 26, in which, for simplicity, the number of certificates in each group is assumed to be one. As shown in Figure 26, the host sends the certificates in the chain to the card sequentially. Beginning with the first certificate in the chain (typically the one immediately following the root certificate, as explained above), the card sequentially receives the certificate chain from the host being authenticated (block 602). The card then verifies each certificate received and aborts the process if any certificate fails verification. If any certificate fails verification, the card notifies the host (blocks 604, 606). The card then detects whether the last certificate has been received and verified (diamond 608). If the last certificate has not been received and verified, the card returns to block 602 to continue receiving and verifying certificates from the host. If the last certificate has been received and verified, the card proceeds to the next phase after certificate verification (610). Although the features in Figure 26 and the subsequent figures below refer to a memory card as an example, it will be understood that these features also apply to memory devices having physical forms other than a memory card.

[0324] The process carried out by the host when the card is authenticating the host is illustrated in Figure 27. As shown in Figure 27, the host sends the next certificate in the chain to the card (block 620) (typically beginning with the one immediately following the root certificate). The host then determines whether an abort notice indicating authentication failure has been received from the card (diamond 622). If an abort notice has been received, the host stops (block 624). If no abort notice has been received, the host checks whether the last certificate in the chain has been sent, by checking whether the "is final" flag was set in the last certificate sent (diamond 626). If the last certificate has been sent, the host proceeds to the next phase after certificate verification (block 628). As illustrated in Figures 22 and 23, the next phase may be a challenge response, followed by session key creation. If the last certificate in the chain has not yet been sent, the host returns to block 620 to send the last certificate in the chain.
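The in-order, single-slot chain check of Figures 26 and 27, followed by the challenge of Figure 22, as an added example that is not code from the patent. It assumes constructed toy RSA keys (textbook RSA over Mersenne primes, no padding) and a simplified certificate of subject plus public key; all class and function names are hypothetical.

```python
import hashlib
import secrets
from dataclasses import dataclass

# Constructed toy keys: textbook RSA over products of Mersenne primes, no padding.
# Illustration only; SSA certificates are X.509 v3 with real RSA signatures.
E = 65537

def make_keypair(a, b):
    p, q = 2**a - 1, 2**b - 1
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))
    return (n, E), (n, d)                     # (public, private)

def digest_int(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(private, data):
    n, d = private
    return pow(digest_int(data, n), d, n)     # "encrypt the digest" with the private key

def verify(public, data, signature):
    n, e = public
    return pow(signature, e, n) == digest_int(data, n)

@dataclass(frozen=True)
class Certificate:                            # simplified stand-in for an X.509 certificate
    subject: str
    public_key: tuple
    signature: int = 0

    def tbs(self):                            # the bytes covered by the issuer's signature
        n, e = self.public_key
        return f"{self.subject}|{n}|{e}".encode()

def issue(subject, subject_public, issuer_private):
    unsigned = Certificate(subject, subject_public)
    return Certificate(subject, subject_public, sign(issuer_private, unsigned.tbs()))

class ChainError(Exception):
    pass

class DeviceVerifier:
    """Memory-device side: one certificate slot, certificates arrive in verification order."""

    def __init__(self, root_public):
        self.trusted_key = root_public        # root CA key from the ACR credential
        self.slot = None                      # the only certificate buffer
        self.state = "receiving"              # receiving -> verified | aborted
        self.nonce = None

    def receive(self, cert, is_final):
        # is_final models the 'is final' flag carried in the control sector.
        if self.state != "receiving":
            raise ChainError("no chain in progress")
        self.slot = cert                      # overwrites the previously verified certificate
        if not verify(self.trusted_key, cert.tbs(), cert.signature):
            self.state, self.slot = "aborted", None
            raise ChainError(f"signature check failed for {cert.subject!r}")
        self.trusted_key = cert.public_key    # the next certificate must be signed by this key
        if is_final:
            self.state = "verified"
        return self.state

    def challenge(self):
        if self.state != "verified":
            raise ChainError("chain not verified")
        self.nonce = secrets.randbits(128) | (1 << 127)
        return self.nonce

    def check_response(self, response):
        # The host signs the random number; the device recovers it with the verified key.
        n, e = self.trusted_key
        ok = self.nonce is not None and pow(response, e, n) == self.nonce
        self.nonce = None                     # a challenge is good for one response
        return ok

def send_chain(device, chain):
    """Host side: send certificates one at a time, flagging only the last as final."""
    state = device.state
    for i, cert in enumerate(chain):
        state = device.receive(cert, is_final=(i == len(chain) - 1))
    return state

def build_demo():
    """Constructed chain shaped like A1: root CA -> Host 1 CA (Level 2) -> Host."""
    root_pub, root_priv = make_keypair(61, 89)
    ca_pub, ca_priv = make_keypair(89, 107)
    host_pub, host_priv = make_keypair(107, 127)
    chain = [issue("Host 1 CA (Level 2)", ca_pub, root_priv),
             issue("Host", host_pub, ca_priv)]
    return root_pub, chain, host_priv

if __name__ == "__main__":
    root_pub, chain, host_priv = build_demo()
    device = DeviceVerifier(root_pub)
    print(send_chain(device, chain))
    nonce = device.challenge()
    print(device.check_response(pow(nonce, host_priv[1], host_priv[0])))
```
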

[0325] The actions taken by the card and the host when the card is being authenticated are illustrated in Figures 28 and 29. As shown in Figure 28, after starting, the card waits for a request from the host to send a certificate in the chain (block 630, diamond 632). If no request is received from the host, the card returns to diamond 632. If a request is received from the host, the card sends the next certificate in the chain, beginning with the first certificate that should be sent (typically the one immediately following the root certificate) (block 634). The card determines whether a failure notice has been received from the host (diamond 636). If a failure notice has been received, the card stops (block 637). If no failure notice has been received, the card then determines whether the last certificate has been sent (diamond 638). If the last certificate has not yet been sent, the card returns to diamond 632 and waits until it receives the next request from the host to send the next certificate in the chain. If the last certificate has been sent, the card proceeds to the next phase (block 639).

[0326] Figure 29 illustrates the actions taken by the host when the card is being authenticated. The host sends a request for the next certificate in the chain to the card, beginning with the request for the first certificate to be sent (block 640). The host then verifies each certificate received, and aborts the process and notifies the card if verification fails (block 642). If verification passes, the host checks whether the last certificate has been received and successfully verified (diamond 644). If the last certificate has not yet been received and successfully verified, the host returns to block 640 to send a request for the next certificate in the chain. If the last certificate has been received and successfully verified, the host proceeds to the next phase after certificate verification (block 646).

[0327] Certificate Revocation

[0328] When a certificate is issued, it is expected to be used for its entire validity period. However, various circumstances may cause a certificate to become invalid before the validity period expires. Such circumstances include a change of name, a change in the association between the subject and the CA (for example, an employee terminates employment with an organization), and compromise or suspected compromise of the corresponding private key. In such circumstances, the CA needs to revoke the certificate.

[0329] The SSA implements certificate revocation in different ways; each ACR can be configured for a particular method of revoking certificates. An ACR can be configured to support no revocation scheme. In that case, every certificate is considered valid until its expiry date. Alternatively, certificate revocation lists (CRLs) can be used. As a further alternative, the revocation scheme may be specific to a particular application, or application-specific, as will be explained below. An ACR specifies which of the three revocation schemes is adopted by specifying a revocation value. If an ACR is created with no revocation scheme, it is still possible for it to adopt a revocation scheme that can be activated by the ACR owner. Revocation of memory device certificates is enforced by the host rather than by the SSA security system. The ACR owner is responsible for managing revocation of the host root certificate; the mechanism by which this is done is updating the ACR's credentials.

[0330] 证书撤回列表(CRL) [0330] Certificate Revocation List (CRL)

[0331] SSA系统使用撤回方案,其涉及每一CA周期性地发布称为证书撤回列表(CRL)的经签署数据结构。 [0331] SSA system uses the withdrawal plan, which involves each CA periodically publish called the Certificate Revocation List (CRL) of the signed data structure. CRL是经时间戳记的列表,其识别由CA(发布讨论中的证书的同一CA) 签署的撤回的证书,且可由公众自由使用。 CRL is a time-stamped list that identifies the CA (CA certificate issued the same discussion) signed certificates withdrawn, and can be used freely to the public. 每一撤回的证书在CRL中由其证书序列号识别。 Each withdrawn therefrom certificate in a CRL serial number of the certificate identification. CRL的大小是任意的且依赖于被撤回的未期满证书的数目。 CRL size is arbitrary and depends on the number of unexpired certificate to be withdrawn. 当装置使用证书(例如,用于检验主机的身份)时,装置不仅检查证书签名(和有效性),而且对照通过CRL接收的序列号的列表对其进行检验。 When the device using a certificate (e.g., for checking the identity of the host), means not only checks the certificate signature (and effectiveness), and the sequence number against a list CRL be received by the test. 如果在由发布证书的CA发布的CRL上发现例如证书的序列号等识别信息,那么这指示证书已被撤回且不再有效。 If it is found on the CRL issued by the CA that issued the certificate such as certificate serial number and other identifying information, this indicates that the certificate has been withdrawn and is no longer valid.

[0332] The CRL also needs to be verified as genuine before it can be used to validate certificates. A CRL is signed with the private key of the CA that issued it, and can be verified as genuine by decrypting the signed CRL with the CA's public key. If the decrypted CRL matches the digest of the unsigned CRL, the CRL has not been tampered with and is genuine. Frequently, a CRL is hashed with a hashing algorithm to obtain its digest, and the digest is encrypted with the CA's private key. To verify whether the CRL is valid, the signed CRL (i.e., the hashed and encrypted CRL) is decrypted with the CA's public key to yield the decrypted and hashed CRL (i.e., a digest of the CRL). This is then compared with the hashed CRL. Thus the verification process may frequently involve the step of hashing the CRL for comparison with the decrypted and hashed CRL.

[0333] One characteristic of the CRL scheme is that validation of a certificate (against the CRL) can be performed separately from obtaining the CRL. CRLs are also signed by the issuer of the pertinent certificates, and are verified in a manner similar to the verification of certificates, using the public key of the CA that issued the CRL, in the manner described above. The memory device verifies that the signature is that of the CRL and that the issuer of the CRL matches the issuer of the certificate. Another characteristic of the CRL scheme is that CRLs can be distributed by exactly the same means as the certificates themselves, namely via untrusted servers and untrusted communications. CRLs and their characteristics are explained in detail in the X.509 standard.

[0334] SSA Infrastructure for CRL

[0335] The SSA provides an infrastructure for revocation of hosts using the CRL scheme. When authenticating to an RSA-based ACR with the CRL revocation scheme, the host adds one CRL (possibly an empty one, if the issuer CA has not revoked any certificates) as an additional field to the Set Certificate command. This field contains a CRL signed by the issuer of the certificate. When this field is present, the memory device 10 first verifies the certificate in the Set Certificate command. Obtaining and accessing the CRL repository is entirely the responsibility of the host. CRLs are issued with a time period during which they are valid (the CRL expiration time period, or CET). During verification, if the current time is found not to be within this time period, the CRL is considered defective and cannot be used for certificate verification. The result is that authentication of the certificate fails.

[0336] In conventional certificate verification methods, the authenticating or verifying entity is expected to possess, or be able to retrieve from the certificate authority (CA), the certificate revocation list, and to check the serial number of the certificate presented for authentication against the list to determine whether the presented certificate has been revoked. Where the authenticating or verifying entity is a memory device, the memory device may not be used on its own to retrieve certificate revocation lists from CAs. If a certificate revocation list is pre-stored in the device, the list can become outdated, so that certificates revoked after the installation date will not appear on it. This would allow users to access the storage device using a revoked certificate. This is undesirable.

[0337] In one embodiment, the above problem can be solved by a system in which the entity that wishes to be authenticated presents the certificate revocation list, together with the certificate to be authenticated, to the authenticating entity (which may be a memory device 10). The authenticating entity then verifies the authenticity of the certificate and of the received certificate revocation list. The authenticating entity checks whether the certificate is on the revocation list by checking whether the certificate's identifying information (such as its serial number) appears on the list.

[0338] In view of the above, an asymmetric authentication scheme can be used for mutual authentication between a host device and the memory device 10. A host device that wishes to be authenticated to the memory device 10 needs to provide both its certificate chain and the corresponding CRLs. A host device, on the other hand, is already used to connect to CAs to obtain CRLs, so that when the memory device 10 is to be authenticated by a host device, the memory device need not present a CRL to the host device together with its certificate or certificate chain.

[0339] In recent years there has been a growing number of different types of portable devices that can be used to play content, such as various embedded or stand-alone music players, mp3 players, cellular phones, personal digital assistants and notebook computers. While it is possible to connect such devices to the World Wide Web in order to access certificate verification lists from certificate authorities, many users typically do not connect to the web daily, but only to obtain new content or renew subscriptions, for example every few weeks. It may therefore be cumbersome for such users to have to obtain certificate revocation lists from certificate authorities more frequently. For such users, the certificate revocation list, and optionally also the host certificate that must be presented to the storage device to access protected content, may be stored in a preferably unprotected area of the storage device itself. In many types of storage devices (e.g., flash memory), the unprotected areas are managed by the host device rather than by the storage device itself. This way, the user does not have to connect to the web (through the host device) to obtain more up-to-date certificate revocation lists. The host device can simply retrieve such information from the unprotected area of the storage device, and then turn around and present the certificate and list to the storage device or memory device in order to access the protected content in it. Since the certificate for accessing protected content and its corresponding certificate revocation list are typically valid for certain time periods, the user does not need to obtain the latest certificate or certificate revocation list as long as they remain valid. This feature gives users convenient access to the certificate and certificate revocation list for a reasonably long period, while both remain valid, without having to connect to the certificate authority for updated information.

[0340] The above process is illustrated in the flowcharts of Figs. 30 and 31. As shown in Fig. 30, the host reads from the unprotected public area of the memory device 10 the CRL pertaining to the certificate that the host will present to the memory device for authentication (block 652). Since the CRL is stored in an unprotected area of the memory, no authentication is needed before the host can obtain the CRL. Because the CRL is stored in the public area of the memory device, the reading of the CRL is controlled by the host device. The host in turn sends the CRL together with the certificate to be verified to the memory device (block 654), and proceeds to the next phase unless it receives a failure notice from the memory device 10 (block 656). Referring to Fig. 31, the memory device receives the CRL and the certificate from the host (block 658) and checks whether the certificate serial number is on the CRL (block 660), as well as other aspects (for example, whether the CRL has expired). If the certificate serial number is found on the CRL, or the check fails for other reasons, the memory device sends a failure notice to the host (block 662). In this manner, different hosts can obtain the CRL stored in the public area of the memory device, since the same CRL can be used for authentication of different hosts. As noted above, for the user's convenience the certificate to be verified using the CRL may preferably also be stored, together with the CRL, in the unprotected area of the memory device 10. However, the certificate is usable for authentication to the memory device only by the host to which it was issued.

[0341] Where the CRL contains in its fields a time for the next update (as illustrated in Fig. 32), the SSA in the device 10 also checks the current time against this time to see whether the current time is after it; if so, authentication also fails. The SSA therefore preferably checks both the time for the next update and the CET against the current time (or against the time at which the memory device 10 received the CRL).

[0342] As noted above, if the CRL contains a long list of identifying information of revoked certificates, processing (e.g., hashing) and searching the list for the serial number of the certificate presented by the host can take a long time, especially if the processing and searching are carried out in sequence. To speed up the process, they may therefore be carried out concurrently. Moreover, if the entire CRL must be received before it is processed and searched, the process can also be time-consuming. Applicant recognized that the process can be expedited by processing and searching portions of the CRL as they are received (on the fly), so that when the last portion of the CRL has been received, the process is about to be completed.

[0343] Figs. 33 and 34 illustrate the above features of the revocation scheme. At the authenticating entity (e.g., a memory device such as a memory card), the certificate and CRL are received from the entity wishing to be authenticated (block 702). Portions of the unencrypted CRL are processed (e.g., hashed), and a search for the identification (e.g., serial number) of the presented certificate is performed on these portions concurrently. The processed (e.g., hashed) CRL portions are compiled into a complete hashed CRL, which is compared with the complete decrypted and hashed CRL formed by compiling the decrypted CRL portions from the portions received from the entity wishing to be authenticated. If the comparison indicates no match, authentication fails. The authenticating entity also checks both the time for the next update and the CET against the current time (blocks 706, 708). If the identifying information of the presented certificate is found on the CRL, or the current time is not within the CET, or the time for the next updated CRL has passed, authentication also fails (block 710). In some implementations, storing the hashed CRL portions and the decrypted hashed CRL portions for compilation may not require a large amount of memory space.

[0344] When an entity (e.g., a host) wishes to be authenticated, it sends its certificate and CRL to the authenticating entity (block 722) and proceeds to the next phase (block 724). This is illustrated in Fig. 34.
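The on-the-fly check of paragraphs [0341] to [0344] can be sketched as follows. This is an added example, not code from the patent: the CRL byte layout (fixed-width issuer, CET start and end, next-update time, then 8-byte serial numbers), the unpadded RSA over a constructed demo key, and all function and class names are assumptions made for illustration.

```python
import hashlib

# Constructed demo CA key: unpadded RSA over two Mersenne primes. NOT a real key.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))        # CA private exponent (CA side only)

ISSUER_LEN, TIME_LEN, SERIAL_LEN = 16, 8, 8
HEADER_LEN = ISSUER_LEN + 3 * TIME_LEN   # issuer, CET start, CET end, next update


def build_signed_crl(issuer, valid_from, valid_to, next_update, serials):
    """CA side: serialize the CRL (assumed layout) and sign its SHA-256 digest."""
    body = issuer.ljust(ISSUER_LEN, b"\0")
    for t in (valid_from, valid_to, next_update):
        body += t.to_bytes(TIME_LEN, "big")
    for s in serials:
        body += s.to_bytes(SERIAL_LEN, "big")
    digest = int.from_bytes(hashlib.sha256(body).digest(), "big")
    return body, pow(digest, D, N)


class StreamingCrlCheck:
    """Device side: hash and search each CRL portion as it is received."""

    def __init__(self, cert_issuer, cert_serial, now):
        self.cert_issuer = cert_issuer.ljust(ISSUER_LEN, b"\0")
        self.target = cert_serial.to_bytes(SERIAL_LEN, "big")
        self.now = now
        self.hasher = hashlib.sha256()
        self.pending = b""       # bytes of a header or serial split across portions
        self.header = None
        self.found = False

    def feed(self, portion):
        self.hasher.update(portion)      # running digest; the portion need not be kept
        self.pending += portion
        if self.header is None:
            if len(self.pending) < HEADER_LEN:
                return
            raw, self.pending = self.pending[:HEADER_LEN], self.pending[HEADER_LEN:]
            times = [int.from_bytes(raw[ISSUER_LEN + i * TIME_LEN:
                                        ISSUER_LEN + (i + 1) * TIME_LEN], "big")
                     for i in range(3)]
            self.header = (raw[:ISSUER_LEN], *times)
        while len(self.pending) >= SERIAL_LEN:   # search concurrently with hashing
            if self.pending[:SERIAL_LEN] == self.target:
                self.found = True
            self.pending = self.pending[SERIAL_LEN:]

    def finish(self, signature):
        """Run once the last portion has arrived; returns "ok" or a failure reason."""
        if self.header is None or self.pending:
            return "malformed CRL"
        # Recover the signed digest with the CA public key and compare it with
        # the digest compiled from the received portions.
        if pow(signature, E, N) != int.from_bytes(self.hasher.digest(), "big"):
            return "CRL signature mismatch"
        issuer, valid_from, valid_to, next_update = self.header
        if issuer != self.cert_issuer:
            return "CRL issuer does not match certificate issuer"
        if not valid_from <= self.now <= valid_to:
            return "current time outside CET"
        if self.now > next_update:
            return "next update time has passed"
        return "certificate revoked" if self.found else "ok"


def check(body, signature, cert_issuer, cert_serial, now, portion_size=7):
    """Host-to-device transfer in small portions, then the final verdict."""
    checker = StreamingCrlCheck(cert_issuer, cert_serial, now)
    for i in range(0, len(body), portion_size):
        checker.feed(body[i:i + portion_size])
    return checker.finish(signature)


# Constructed sample: "DemoCA" has revoked serials 1001, 2002 and 3003.
SAMPLE_BODY, SAMPLE_SIG = build_signed_crl(b"DemoCA", 1000, 2000, 1800,
                                           [1001, 2002, 3003])
```

The serial search result is only acted on in `finish`, after the digest comparison, so a match or non-match found in a tampered list never decides the outcome.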

[0345] If the entity presents a certificate chain for identification, a process similar to the above can be implemented. In this case the above process needs to be repeated for each certificate in the chain and its corresponding CRL. Each certificate and its CRL can be processed as they are received, without waiting for the rest of the certificate chain and the corresponding CRLs to arrive.

[0346] Identity Object (IDO)

[0347] The identity object is a protected object designed to allow the memory device 10 (e.g., a flash memory card) to store an RSA key pair or other type of cryptographic ID. The identity object contains any type of cryptographic ID that can be used to sign and verify identities and to encrypt and decrypt data. The identity object also contains a certificate from a CA (or a certificate chain from multiple CAs) certifying that the public key of the key pair is genuine. The identity object can be used to provide proof of identity of an external entity or of an internal card entity (i.e., the device itself, an internal application, etc., referred to as the owner of the identity object). Thus the card does not use the RSA key pair or other type of cryptographic ID to authenticate the host through a challenge-response mechanism, but rather as a proof of identification by signing data streams provided to it. In other words, the identity object contains the cryptographic ID of its owner. To access the cryptographic ID in the identity object, the host first needs to be authenticated. As described below, the authentication process is controlled by means of an ACR. After the host has been successfully authenticated, the cryptographic ID can be used by the identity object owner to establish the owner's identity to another party. For example, the cryptographic ID (e.g., the private key of a public-private key pair) can be used to sign data presented by the other party through the host. The signed data and the certificate in the identity object are presented to the other party on behalf of the identity object owner. The public key of the public-private key pair in the certificate is certified as genuine by a CA (i.e., a trusted authority), so the other party can trust that this public key is genuine. The other party can then decrypt the signed data using the public key in the certificate and compare the decrypted data with the data sent by the other party. If the decrypted data matches the data sent by the other party, this shows that the owner of the identity object does have access to the genuine private key, and is therefore truly the entity it claims to represent.

[0348] A second use of the identity object is to protect data designated for the owner of the IDO using the cryptographic ID (such as the RSA key itself). The data is expected to be encrypted with the IDO public key. The memory device 10 (e.g., a memory card) will use the private key to decrypt the data.

[0349] The IDO is an object that can be created for any type of ACR. In one embodiment, an ACR may have only one IDO object. Both the data signing and the data protection features are services that the SSA system provides to any entity capable of authenticating to the ACR. The protection level of the IDO is as high as the ACR's login authentication scheme. Any authentication algorithm can be chosen for an ACR that is bound to have an IDO. It is up to the creator (host) to decide and evaluate which algorithm best protects IDO usage. An ACR with an IDO provides its certificate chain in response to a command to get the IDO public key.

[0350] When the IDO is used for data protection, the decrypted data output from the card may need further protection. In that case, the host is encouraged to use a secure channel established through any of the available authentication algorithms.

[0351] When an IDO is created, the key length is selected, as well as the PKCS#1 version. In one embodiment, the public and private keys use the (exponent, modulus) representation as defined in PKCS#1 v2.1.

[0352] In one embodiment, the data included during creation of an IDO is the RSA key pair of the selected length and a chain of certificates that recursively attests to the authenticity of the public key.

[0353] An ACR that owns an IDO will allow signing of user data. This is done through two SSA commands:

[0354] · Set user data: provides a free-format data buffer to be signed.

[0355] · Get SSA signature: the card provides an RSA signature (using the ACR private key). The format and size of the signature may be set according to PKCS#1 v1.5 or v2.1, depending on the type of object.

[0356] Operations using an IDO are illustrated in Figs. 35-37, where the memory device 10 is a flash memory card and the card is the owner of the IDO. Fig. 35 illustrates the process carried out by the card in signing data sent to the host. Referring to Fig. 35, after the host has been authenticated (block 802) as controlled by an ACR at a node of the tree structure described above, the card waits for a host request for a certificate (diamond 804). After receiving the request, the card sends the certificate and returns to diamond 804 for the next host request (block 806). If a chain of certificates needs to be sent to certify the public key of the IDO owned by the card, the above actions are repeated until all the certificates in the chain have been sent to the host. After each certificate has been sent to the host, the card waits for other commands from the host (diamond 808). If no command is received from the host within a preset time period, the card returns to diamond 804. Upon receiving data and a command from the host, the card checks whether the command is for signing data (diamond 810). If it is, the card signs the data with the private key in the IDO, sends the signed data to the host (block 812), and returns to diamond 804. If the command from the host is not for signing data from the host, the card uses the private key in the IDO to decrypt the received data (block 814) and returns to diamond 804.

[0357] Fig. 36 illustrates the process carried out by the host when the card signs data to be sent to the host. Referring to Fig. 36, the host sends authentication information to the card (block 822). After successful authentication as controlled by an ACR at a node of the tree structure described above, the host sends a request for the certificate chain to the card and receives the chain (block 824). After the public key of the card has been verified, the host sends data to the card for signing and receives the data signed by the card's private key (block 826).

[0358] Fig. 37 illustrates the process carried out by the host when it encrypts data with the card's public key and sends the encrypted data to the card. Referring to Fig. 37, the host sends authentication information to the card (block 862). After authentication controlled by an ACR has been successfully performed, the host sends to the card a request for the certificate chain needed to verify the card's public key in the IDO (block 864) and sends a request for data to the card. After the public key of the card in the IDO has been verified, the host encrypts the data from the card using the card's verified public key and sends it to the card (blocks 866, 868).

[0359] Queries

[0360] Hosts and applications need to possess certain information about the memory device or card they are working with in order to perform system operations. For example, hosts and applications may need to know which of the applications stored on the memory card are available for invocation. The information needed by the host is sometimes not public knowledge, meaning that not everyone has the right to possess it. To differentiate between authorized and unauthorized users, two query methods are therefore provided for use by a host.

[0361] General information query. This query gives out system public information without restrictions. The confidential information stored in the memory device comprises two portions: a shared portion and an unshared portion. One portion of the confidential information includes information that may be proprietary to individual entities, so that each entity should be allowed to access only its own proprietary information, and not the proprietary confidential information of others. This type of confidential information is not shared, and forms the unshared portion of the confidential information.

[0362] Certain information that is normally regarded as public may in some cases be considered confidential, such as the names of applications residing in the card and their life cycle state. Another example is root ACR names, which are considered public but could be confidential for some SSA use cases. For these cases, the system provides an option to keep this information available, in response to a general information query, only to all authenticated users and not to unauthenticated users. Such information constitutes the shared portion of the confidential information. An example of the shared portion of the confidential information is the root ACR list: a list of all root ACRs currently present on the device.

[0363] Access to public information through the general information query does not require the host/user to log into an ACR. Thus anyone who knows the SSA standard can execute the query and receive the information. In SSA terms, this query command is handled without a session number. However, if an entity wants access to the shared portion of the confidential information, the entity must first be authenticated through any of the control structures (e.g., any of the ACRs) that control access to data in the memory device. After successful authentication, the entity can access the shared portion of the confidential information through a general information query. As explained above, the authentication process results in an SSA session number or id for the access.

[0364] Discreet Information Query

[0365] Private information about individual ACRs and their system access and assets is considered discreet and requires explicit authentication. This kind of query therefore requires ACR login and authentication (if authentication is specified by the ACR) before authorization for the information query is received. This query requires an SSA session number.

[0366] Before the two types of queries are described in detail, it is useful first to describe the concept of index groups as a practical solution for implementing the queries.

[0367] Index Groups

[0368] Applications running on potential SSA hosts are requested by the operating system (OS) and system drivers on the host to specify the number of sectors intended to be read. This in turn means that the host application needs to know how many sectors need to be read for each SSA read operation.

[0369] Because the nature of a query operation is to supply information that is generally not known to the one requesting it, it is difficult for the host application to issue the query and guess the number of sectors needed for the operation.

[0370] To solve this problem, the SSA query output buffer consists of only one sector (512 bytes) per query request. The objects that are part of the output information are organized in groups called index groups. Each type of object may have a different byte size, which determines the number of objects that can fit into a single sector. This defines the index group of the object. If an object has a size of 20 bytes, the index group for this object contains up to 25 objects. If there are 56 such objects in total, they are organized in 3 index groups, where object "0" (the first object) starts the first index group, object "25" starts the second index group, and object 50 starts the third (last) index group.

[0371] System Query (General Information Query)

[0372] This query provides general public information about the SSA system supported in the device and about the current system as set up, such as the different trees and applications running on the device. Similar to the ACR query (discreet query) described below, the system query is structured to give several query options:

[0373] · General: the supported SSA version.

[0374] · SSA applications: a list of all SSA applications currently present on the device, including their running state.

[0375] The information listed above is public information. As with the ACR query, to spare the host from having to know how many sectors to read for the query output buffer, one sector is sent back from the device, while still enabling the host to query further index groups. Thus, if the number of root ACR objects exceeds the output buffer size for index group "0", the host can send another query request for the following index group ("1").

[0376] ACR Query (Discreet Information Query)

[0377] The SSA ACR query command is intended to supply the ACR user with information about the ACR's system resources, such as key and application IDs, partitions and child ACRs. The query information is only about the logged-in ACR; nothing is given about other ACRs on the system tree. In other words, access is limited to the portion of the confidential information that is accessible under the permissions of the ACR involved.

[0378] There are three different ACR objects that the user can query:

[0379] Partitions: name and access rights (owner, read, write).

[0380] Key IDs and application IDs: name and access rights (owner, read, write).

[0381] Child ACRs: ACR and AGP name of a direct child ACR.

[0382] IDOs and secure data objects (described below): name and access rights (owner, read, write).

[0383] Since the number of objects connected with an ACR may vary, the information might be more than 512 bytes (one sector). Without knowing the number of objects in advance, the user has no way of knowing how many sectors need to be read from the SSA system in the device to get the full list. Therefore each object list provided by the SSA system is divided into index groups, similar to the case of the system query described above. An index group is the number of objects that fit into one sector, i.e., how many objects can be sent in one sector from the SSA system in the device to the host. This lets the SSA system in the device send one sector of a requested index group. The host/user receives a buffer of the queried objects and the number of objects in the buffer. If the buffer is full, the user can query the next object index group.
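The index-group exchange of paragraphs [0370] and [0383], with both the device side and the host side, as an added example that is not code from the patent. The class and function names, the zero padding of the sector, and returning the object count alongside the sector are assumptions; the 512-byte sector and the 20-byte, 56-object case come from the text.

```python
SECTOR_SIZE = 512  # one query response is exactly one sector


def group_capacity(object_size):
    """Number of fixed-size objects that fit in one sector (one index group)."""
    if not 0 < object_size <= SECTOR_SIZE:
        raise ValueError("object must fit in a single sector")
    return SECTOR_SIZE // object_size


class Device:
    """Device side (hypothetical): answers one index group per query request."""

    def __init__(self, objects, object_size):
        if any(len(o) != object_size for o in objects):
            raise ValueError("all objects of one type share one size")
        self.objects, self.object_size = objects, object_size

    def query(self, index_group):
        cap = group_capacity(self.object_size)
        chunk = self.objects[index_group * cap:(index_group + 1) * cap]
        sector = b"".join(chunk).ljust(SECTOR_SIZE, b"\0")  # always one sector
        return sector, len(chunk)       # buffer plus number of objects in it


def host_read_all(device, object_size):
    """Host side: always reads one sector, and asks for the next index group
    only while the previous buffer came back full."""
    cap = group_capacity(object_size)
    objects, group = [], 0
    while True:
        sector, count = device.query(group)
        if len(sector) != SECTOR_SIZE or count > cap:
            raise ValueError("malformed query response")
        objects += [sector[i * object_size:(i + 1) * object_size]
                    for i in range(count)]
        if count < cap:                 # buffer not full: this was the last group
            return objects, group + 1   # objects and number of requests issued
        group += 1


def make_objects(n, object_size=20):
    """Constructed sample records, e.g. b'obj-07' padded to the object size."""
    return [b"obj-%02d" % i + b"." * (object_size - 6) for i in range(n)]
```

When the object count is an exact multiple of the group capacity, the last full buffer cannot tell the host that the list has ended, so the host issues one more request and receives an empty group.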

[0384] FIG. 38 is a flow chart illustrating an operation involving a general information query. Referring to FIG. 38, when the SSA system receives a general information query from an entity (block 902), the system determines whether the entity has been authenticated (diamond 904). If it has, the system supplies the entity with the public information and the shared portion of the confidential information (block 906). If it has not, the system supplies the entity with the public information only (block 908).

[0385] FIG. 39 is a flow chart illustrating an operation involving a discreet information query. Referring to FIG. 39, when the SSA system receives a discreet information query from an entity (block 922), the system determines whether the entity has been authenticated (diamond 924). If it has, the system supplies the entity with the confidential information (block 926). If it has not, the system denies the entity access to the confidential information (block 928).

[0386] Feature Set Extension (FSE)

[0387] In many cases it is very advantageous to run data processing activities (e.g. DRM license object validation) inside the SSA on the card. The resulting system will be more secure, more efficient and less dependent on the host than an alternative solution in which all data processing tasks are executed on the host.

[0388] The SSA security system comprises a set of authentication algorithms and authorization policies designed to control access to, and use of, the collection of objects stored, managed and protected by the memory card. Once the host gains access, the host then processes the data stored in the memory device, where access to the memory device is controlled by the SSA. It is assumed, however, that the data is by nature very application specific; therefore neither the data format nor the data processing is defined in the SSA, which does not deal with the data stored on the device.

[0389] One embodiment of the invention is based on the recognition that the SSA system can be enhanced to allow the host to execute in the memory card some of the functions normally performed by the host. Some of the software functions of the host may thus be split into two parts: one part still performed by the host and the other part now performed by the card. This enhances the security and efficiency of data processing for many applications. For this purpose, a mechanism known as FSE may be added to enhance the capabilities of the SSA. Host applications in the FSE that are executed by the card in this manner are also referred to herein as internal applications or device internal applications.

[0390] The enhanced SSA system provides a mechanism to extend the basic SSA command set, which provides authentication and access control of the card, via the introduction of card applications. A card application is assumed to implement services (e.g. DRM schemes, e-commerce transactions) in addition to those of the SSA. The SSA Feature Set Extension (FSE) is a mechanism designed to enhance the standard SSA security system with data processing software/hardware modules, which can be proprietary. The services defined by the SSA FSE system enable host devices to query the card for available applications, and to select and communicate with a specific application, in addition to the information that can be obtained using the queries described above. The general and discreet queries described above may be used for this purpose.

[0391] Two methods are used to extend the card feature set in the SSA FSE:

[0392] • Providing services - this feature is enabled by allowing authorized entities to communicate directly with the internal application using a command channel, known as a communication pipe, which can be proprietary.

[0393] • Extension of SSA standard access control policies - this feature is enabled by associating internal protected data objects (e.g. CEKs, or the secure data objects, SDOs, described below) with internal card applications. Whenever such an object is accessed, if the defined standard SSA policies are satisfied, the associated application is invoked to impose at least one condition in addition to the standard SSA policies. The condition preferably will not conflict with the standard SSA policies. Access is granted only if this additional condition is also satisfied. Before the capabilities of the FSE are elaborated further, the architectural aspects of the FSE, as well as the communication pipe and SDO, will now be addressed.

[0394] SSM module and related modules

[0395] FIG. 40A is a functional block diagram of the system architecture 1000 in a memory device 10 (e.g. a flash memory card) connected to a host device M, illustrating an embodiment of the invention. The main components of the software modules in the memory device of card 20 are as follows:

[0396] SSA transport layer 1002

[0397] The SSA transport layer is card protocol dependent. It handles host-side SSA requests (commands) on the protocol layer of card 10 and then relays them to the SSM API. All host-card synchronization and SSA command identification is done at this module. The transport layer is also responsible for all SSA data transfer between host M and card 10.

[0398] Secure Services Module core (SSM core) 1004

[0399] This module is an important part of the SSA implementation. The SSM core implements the SSA architecture. More specifically, the SSM core implements the SSA tree and ACR system and all of the corresponding rules, described above, that make up the system. The SSM core module uses a cryptographic library 1012 to support the SSA security and cryptographic features, such as encryption, decryption and hashing.

[0400] SSM core API 1006

[0401] This is the layer at which the host and the internal applications interface with the SSM core to carry out SSA operations. As shown in FIG. 40A, both host M and the internal device applications 1010 use the same API.

[0402] Secure Application Manager Module (SAMM) 1008

[0403] SAMM is not part of the SSA system, but it is an important module in the card that controls the internal device applications interfacing with the SSA system.

[0404] SAMM manages all internal device running applications, which includes:

[0405] 1. Application life cycle monitoring and control.

[0406] 2. Application initialization.

[0407] 3. Application/host/SSM interface.

[0408] Device internal applications 1010

[0409] These are applications that are approved to run on the card side. They are managed by SAMM and may have access to the SSA system. The SSM core also provides a communication pipe between the host-side applications and the internal applications. Examples of such internally running applications are DRM applications and one-time password (OTP) applications, as explained further below.

[0410] Device Management System (DMS) 1011

[0411] This is the module that contains the processes and protocols required to update the card's system and application firmware, and to add/remove services, in a post-shipment (commonly referred to as post-issuance) mode.

[0412] FIG. 40B is a functional block diagram of the internal software modules of the SSM core 1004. As shown in FIG. 40B, the core 1004 includes an SSA command handler 1022. The handler 1022 parses SSA commands originating from the host or from the device internal applications 1010 before they are passed to the SSA manager IOM. All SSA security data structures, such as AGPs and ACRs, and all SSA rules and policies are stored in the SSA database 10¾. The SSA manager IOM implements the control exerted by the ACRs and AGPs and by the other control structures stored in the database 10¾. Other objects, such as IDOs and secure data objects, are also stored in the SSA database 10¾. Non-secure operations, which do not involve the SSA, are handled by the SSA non-secure operations module 10¾. Secure operations under the SSA architecture are handled by the SSA secure operations module 1030. Module 1032 is an interface connecting module 1030 to the cryptographic library 1012. 1034 is the layer connecting modules 10¾ and 10¾ to the flash memory 20 in FIG. 1.

[0413] Communication (or pass-through) pipe

[0414] The pass-through pipe object enables authorized host-side entities to communicate with the internal applications, as controlled by the SSM core and SAMM. Data transfer between the host and the internal application is carried out over the send and receive commands (defined below). The actual commands are application specific. The entity (ACR) creating the pipe will need to provide the pipe name and the ID of the application to which it will open a channel. As with all other protected objects, the ACR becomes its owner and is allowed to delegate usage rights, as well as ownership, to other ACRs according to the standard delegation rules and restrictions.

[0415] An authenticated entity will be allowed to create pipe objects if the create-pipe permission is set in its ACAM. Communication with the internal application will be allowed only if the write or read pipe permissions are set in the internal application's PCR. Delegation of ownership and access rights is allowed only if the entity is the pipe owner or the delegate-access-rights permission is set in its PCR. As with all other permissions, when ownership rights are delegated to another ACR, the original owner will preferably be stripped of all of its permissions to this device application.

[0416] Preferably, only one communication pipe is created for a specific application. An attempt to create a second pipe and connect it to an already connected application will preferably be rejected by the SSM system 1000. Thus, preferably, there is a one-to-one relationship between one of the device internal applications 1010 and a communication pipe. However, multiple ACRs may communicate with one device internal application (via the delegation mechanism). A single ACR may communicate with several device applications (either via delegation or through ownership of multiple pipes connected to different applications). The ACRs controlling different pipes are preferably located in nodes of completely separate trees, so that there is no crosstalk between the communication pipes.

[0417] Data is transferred between the host and a specific application using the following commands:

[0418] WRITE PASS THROUGH - passes an unformatted data buffer from the host to the device internal application.

[0419] READ PASS THROUGH - passes an unformatted data buffer from the host to the device internal application and, once the internal processing is complete, outputs an unformatted data buffer back to the host.

[0420] The write and read pass-through commands provide, as a parameter, the ID of the device internal application 1008 with which the host wishes to communicate. The entity's permission will be validated, and if the requesting entity (i.e. the ACR hosting the session this entity is using) has permission to use the pipe connected to the requested application, the data buffer will be interpreted and the command executed.

[0421] This communication method allows the host application to pass vendor/proprietary specific commands to an internal device application through the SSA ACR session channel.

[0422] Secure data object (SDO)

[0423] A useful object that can be used in conjunction with the FSE is the SDO.

[0424] The SDO serves as a general-purpose container for the secure storage of sensitive information. Like CEK objects, it is owned by an ACR, and access rights and ownership can be delegated between ACRs. It contains data that is protected and used according to predefined policy restrictions and, optionally, has a link to a device internal application 1008. The sensitive data is preferably not used or interpreted by the SSA system, but rather by the object's owner and users. In other words, the SSA system does not discern the information in the data it handles. In this way, owners and users of the data in the object can be less concerned about the loss of sensitive information due to interfacing with the SSA system when data is passed between the host and the data objects. SDO objects are thus created by the host system (or by internal applications) and are assigned a string ID, similar to the way CEKs are created. Upon creation, the host provides, in addition to the name, the application ID of the application linked to the SDO and a data block that will be stored, integrity verified and retrieved by the SSA.

[0425] Like CEKs, SDOs are preferably created only within an SSA session. The ACR used to open the session becomes the owner of the SDO and has the right to delete it, to write and read the sensitive data, and to delegate ownership of, and permission to access, the SDO to another ACR (either its child or one within the same AGP).

[0426] The write and read operations are reserved exclusively for the owner of the SDO. A write operation overwrites the existing SDO object data with the data buffer provided. A read operation retrieves the complete data record of the SDO.

[0427] SDO access operations are allowed to non-owner ACRs that have the proper access permission. The following operations are defined:

[0428] • Set SDO, application ID defined: the data will be processed by the internal SSA application with that application ID. The application is invoked through its association with the SDO. As an optional result, the application will write the SDO object.

[0429] • Set SDO, application ID null: this option is not valid and will prompt an illegal command error. The Set command requires an internal application running in the card.

[0430] • Get SDO, application ID defined: the request will be processed by the device internal application with that application ID. The application is invoked through its association with the SDO. The output, although not defined, will be sent back to the requester. The application will optionally read the SDO object.

[0431] • Get SDO, application ID null: this option is not valid and will prompt an illegal command error. The Get command requires an internal application running in the card.

[0432] • SDO-related permissions: an ACR can be an SDO owner or have only access permissions (Set, Get or both). In addition, an ACR may be permitted to transfer its access rights to an SDO it does not own to another ACR. An ACR may be explicitly permitted to create SDOs and to delegate access rights if it has ACAM permissions.
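The SDO rules of paragraphs [0426] to [0432], as an added example that is not code from the patent: owner-only read/write, Set/Get gated first by the standard permission check and then by the linked internal application, and an illegal command error when no application ID is set. All class and method names, the use-count application and the simplification that only the owner delegates are assumptions made for illustration.

```python
class IllegalCommand(Exception):
    """Set/Get issued on an SDO that has no (installed) application ID."""


class AccessDenied(Exception):
    """The standard policy, or the linked application's extra condition, failed."""


class SDO:
    def __init__(self, owner, app_id, data):
        self.owner = owner      # ACR that opened the creating session
        self.app_id = app_id    # optional link to a device internal application
        self.data = data        # opaque to the SSA: stored, never interpreted
        self.grants = {}        # ACR name -> subset of {"set", "get"}


class UseCountApp:
    """Hypothetical internal application: permits a limited number of Gets."""

    def __init__(self, limit):
        self.remaining = limit
        self.calls = 0          # how often the card invoked this application

    def handle(self, op, sdo, request):
        self.calls += 1
        if op == "set":
            sdo.data = request  # "as an optional result, the application writes"
            return b""
        if self.remaining == 0:  # the condition imposed on top of SSA policy
            raise AccessDenied("use count exhausted")
        self.remaining -= 1
        return sdo.data          # "the application will optionally read"


class Card:
    def __init__(self):
        self.apps = {}           # application ID -> internal application
        self.sdos = {}           # SDO name -> SDO

    def create_sdo(self, acr, name, app_id, data):
        self.sdos[name] = SDO(acr, app_id, data)

    def delegate(self, acr, name, to_acr, perms):
        sdo = self.sdos[name]
        if acr != sdo.owner:     # simplification: only the owner delegates here
            raise AccessDenied("not the owner")
        sdo.grants[to_acr] = set(perms) & {"set", "get"}

    def _owner_only(self, acr, name):
        sdo = self.sdos[name]
        if acr != sdo.owner:
            raise AccessDenied("read/write are reserved for the owner")
        return sdo

    def read(self, acr, name):
        return self._owner_only(acr, name).data

    def write(self, acr, name, data):
        self._owner_only(acr, name).data = data

    def _access(self, op, acr, name, request):
        sdo = self.sdos[name]
        # 1. Standard policy: the owner, or an ACR holding this permission.
        if acr != sdo.owner and op not in sdo.grants.get(acr, ()):
            raise AccessDenied("no %s permission" % op)
        # 2. Set/Get need an internal application running in the card.
        if not sdo.app_id or sdo.app_id not in self.apps:
            raise IllegalCommand("%s SDO with no application ID" % op)
        # 3. The linked application is invoked and may refuse the access.
        return self.apps[sdo.app_id].handle(op, sdo, request)

    def set_sdo(self, acr, name, data):
        return self._access("set", acr, name, data)

    def get_sdo(self, acr, name):
        return self._access("get", acr, name, b"")


if __name__ == "__main__":
    card = Card()
    card.apps["drm"] = UseCountApp(limit=1)
    card.create_sdo("acr_owner", "license", "drm", b"constructed-license-blob")
    card.delegate("acr_owner", "license", "acr_player", {"get"})
    print(card.get_sdo("acr_player", "license"))
```

Checking the permission before the application ID means an ACR without rights learns nothing about whether an application is linked; the text does not fix this order, so it is a design choice of the example.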

[0433] Internal ACR

[0434] An internal ACR is similar to any ACR with a PCR, except that entities external to device 10 cannot log in to this ACR. Instead, the SSA manager IOM of FIG. 40B automatically logs in to the internal ACR when objects under its control, or applications associated with it, are invoked. Since the entity trying to gain access is an entity internal to the card or memory device, there is no need for authentication. The SSA manager IOM will simply pass a session key to the internal ACR to enable internal communication.

[0435] The capabilities of the FSE will be illustrated using two examples: one-time password generation and digital rights management. Before the one-time password generation example is described, the issue of dual-factor authentication will first be addressed.

[0436] OTP embodiment

[0437] Dual-factor authentication (DFA)

[0438] DFA is an authentication protocol designed to enhance the security of personal logins to, as an example, a web service server by adding an additional secret, a "second factor", to the standard user credentials (namely user name and password). The second secret is typically something stored in a physical secure token that the user has in his possession. During the login process, the user needs to provide proof of possession as part of the login credentials. A commonly used way to prove possession is to use a one-time password (OTP), a password good for a single login only, which is generated by and output from the secure token. If the user is able to provide the correct OTP, this is regarded as sufficient proof of possession of the token, since it is cryptographically infeasible to calculate the OTP without the token. Since an OTP is good for one login only, the user should have the token at the time of login, because an old password captured from a previous login will no longer be valid.

[0439] The product described in the following paragraphs makes use of the SSA security data structures, plus one FSE designed to calculate the next password in the OTP series, to implement a flash memory card with multiple "virtual" secure tokens, each of which generates a different series of passwords (which can be used to log in to different web sites). A block diagram of this system is depicted in FIG. 41.

[0440] The complete system 1050 comprises an authentication server 1052, an Internet server 1054, and a user 1056 with a token 1058. The first step is to agree on a shared secret between the authentication server and the user (also referred to as seed provisioning). The user 1056 will request that a secret or seed be issued and will store it in the secure token 1058. The next step is to bind the issued secret or seed to a specific web service server. Once this is done, authentication can take place. The user will instruct the token to generate an OTP. The OTP, together with the user name and password, is sent to the Internet server 1054. The Internet server 1054 forwards the OTP to the authentication server 1052, asking it to verify the user's identity. The authentication server will also generate an OTP, and since it is generated from the secret shared with the token, it should match the OTP generated by the token. If a match is found, the user's identity is verified and the authentication server returns a positive acknowledgement to the Internet server 1054, which completes the user login process.

[0441] The FSE implementation for OTP generation has the following characteristics:

[0442] • The OTP seed is stored securely (encrypted) in the card.

[0443] • The password generation algorithm is executed inside the card.

[0444] • The device 10 can emulate multiple virtual tokens, each of which stores a different seed and may use a different password generation algorithm.

[0445] • The device 10 provides a secure protocol to transfer the seed from the authentication server into the device.

[0446] The SSA features for OTP seed provisioning and OTP generation are illustrated in FIG. 42, where solid-line arrows illustrate ownership or access rights and broken-line arrows illustrate associations or links. As shown in FIG. 42, in the SSA FSE system 1100, the software program code FSE 1102 can be accessed through one or more communication pipes 1104 controlled by each of N application ACRs 1106. In the embodiments described below, only one FSE software application is illustrated, and for each FSE application there is only one communication pipe. It will be understood, however, that more than one FSE application may be used. While only one communication pipe is illustrated in FIG. 42, it will be understood that a plurality of communication pipes may be used. All such variations are possible. With reference to FIGS. 40A, 40B and 42, the FSE 1102 may be an application used for OTP provisioning and forms a subset of the device internal applications 1010 of FIG. 40A. The control structures (ACRs 1101, 1103, 1106, 1110) are part of the security data structures in the SSA and are stored in the SSA database 10¾. Data structures such as IDO 1120, SDO objects 1122 and communication pipe 1104 are also stored in the SSA database 10¾.

[0447] With reference to FIGS. 40A and 40B, security-related operations involving the ACRs and data structures (e.g. data transfer in sessions, and operations such as encryption, decryption and hashing) are handled by module 1030 with the assistance of interface 1032 and cryptographic library 1012. The SSM core API 1006 does not distinguish between operations involving ACRs that interact with hosts (external ACRs) and internal ACRs that do not, and thus does not distinguish between operations involving the host and those involving the device internal applications 1010. In this way, the same control mechanism is used to control access by host-side entities and access by the device internal applications 1010. This provides flexibility in dividing data processing between host-side applications and the device internal applications 1010. The internal applications 1010 (e.g. FSE 1102 in FIG. 42) are associated with, and invoked through the control of, internal ACRs (e.g. ACR 1103 in FIG. 42).

[0448] Furthermore, the security data structures (e.g. ACRs and AGPs), with their associated SSA rules and policies, preferably control access to important information, such as the content in the SDOs or information that can be derived from the content in the SDOs, so that outside or internal applications can access this content or information only in accordance with the SSA rules and policies. For example, if two different users can each invoke an individual one of the device internal applications 1010 to process data, internal ACRs located in separate hierarchical trees are used to control access by the two users, so that there is no crosstalk between them. In this way, both users can access a common set of device internal applications 1010 for processing data without fear, on the part of the owners of the content or information in the SDOs, of losing control of the content or information. For example, access to the SDOs storing data accessed by the device internal applications 1010 can be controlled by ACRs located in separate hierarchical trees, so that there is no crosstalk between them. This manner of control is similar to the manner in which the SSA controls access to data, as described above. This gives content owners and users security for the data stored in the data objects.

[0449] With reference to FIG. 42, it is possible for a portion of the software application code needed by the OTP-related host application to be stored in the memory device 10 (e.g. pre-stored before the memory card is issued, or loaded after the memory card is issued) as the application in FSE 1102. To execute this code, the host will first need to authenticate through one of the N authentication ACRs 1106, N being a positive integer, in order to gain access to pipe 1104. The host will also need to provide an application ID identifying the OTP-related application it wishes to invoke. After successful authentication, this code can be accessed for execution through the pipe 1104 associated with the OTP-related application. As noted above, there is preferably a one-to-one relationship between pipe 1104 and a specific application, such as an OTP-related internal application. As shown in FIG. 42, multiple ACRs 1106 may share control of a common pipe 1104. An ACR may also control more than one pipe.

[0450] Secure data objects SDO 1, SDO 2 and SDO 3, referred to collectively as objects 1114, are illustrated in FIG. 42. Each of them contains data, such as a seed for OTP generation, which is valuable and preferably encrypted. The links or associations 1108 between the three data objects and FSE 1102 illustrate an attribute of the objects: when any one of the objects is accessed, the application in FSE 1102 whose application ID is in the attributes of the SDO will be invoked, and the application will be executed by the CPU 12 of the memory device (FIG. 1) without requiring any further host command to be received.

[0451] With reference to FIG. 42, before a user can start the OTP process, the security data structures (ACRs 1101, 1103, 1106 and 1110), with their PCRs for controlling the OTP process, have already been created. The user will need to have access rights to invoke the OTP device internal application 1102 through one of the authentication server ACRs 1106. The user will also need to have access rights to the OTP that will be generated, through one of the N user ACRs 1110. The SDOs 1114 may be created during the OTP seed provisioning process. The IDO 1116 preferably has already been created and is controlled by the internal ACR 1103. The internal ACR 1103 also controls the SDOs 1114 after they are created. When the SDOs 1114 are accessed, the SSA manager 10¾ in FIG. 40B automatically logs in to the ACR 1103. The internal ACR 1103 is associated with FSE 1102. During the OTP seed provisioning process, the SDOs 1114 can become associated with the FSE, as shown by the broken lines 1108. Once the association is in place, when an SDO is accessed by the host, the association 1108 will cause the FSE 1102 to be invoked without a further request from the host. The SSA manager 10¾ in FIG. 40B will also automatically log in to the ACR 1103 when the communication pipe 1104 is accessed through one of the N ACRs 1106. In both cases (access to the SDOs 1114 and to the pipe 1104), the SSA manager will pass a session number to the FSE 1102; the session number identifies the channel to the internal ACR 1103.

[0452] The OTP operation involves two phases: a seed provisioning phase illustrated in FIG. 43 and an OTP generation phase illustrated in FIG. 44. Reference will also be made to FIGS. 40-42, which aid the description. FIG. 43 is a protocol diagram illustrating the seed provisioning process. As shown in FIG. 43, the host as well as the card take various actions. One entity on the card that takes various actions is the SSM system of FIGS. 40A and 40B, including the SSM core 1004. Another entity on the card that takes various actions is the FSE 1102 shown in FIG. 42.

[0453] In two-factor authentication, the user requests that a seed be issued, and once the seed is issued, it is stored in a security token. In this example, the security token is the memory device or card. The user authenticates to one of the authentication ACRs 1106 in FIG. 42 to gain access to the SSM system (arrow 1122). Assuming that authentication is successful (arrow 1124), the user then requests a seed (arrow 1126). The host sends the request to sign the seed request to the card by selecting a particular application 1102 for signing the seed request. If the user does not know the ID of the particular application that needs to be invoked, this information can be obtained from device 10, for example through a discreet query to the device. The user then inputs the application ID of the application that should be invoked, thereby also selecting the communication pipe corresponding to the application. The user command is then forwarded in a pass-through command, through the corresponding communication pipe, to the application specified by the application ID from the user (arrow 1128). The invoked application requests a signature by means of the public key in the specified IDO (for example, IDO 1112 in FIG. 42).

[0454] The SSM system signs the seed request using the public key of the IDO and notifies the application that the signing is completed (arrow 1132). The invoked application then requests the certificate chain of the IDO (arrow 1134). In response, the SSM system provides the certificate chain of the IDO, as controlled by ACR 1103 (arrow 1136). The invoked application then provides the signed seed request and the certificate chain of the IDO through the communication pipe to the SSM system, which forwards them to the host (arrow 1138). The signed seed request and IDO certificate chain are sent through the communication pipe by means of a callback function established between the SAMM 1008 and the SSM core 1004 of FIG. 40A; the callback function is elaborated below.

[0455] The signed seed request and IDO certificate chain received by the host are then sent to the authentication server 1052 shown in FIG. 41. The certificate chain provided by the card certifies that the signed seed request originates from a trusted token, so that the authentication server 1052 is willing to provide the card with the secret seed. The authentication server 1052 therefore sends the seed, encrypted with the public key of the IDO, together with user ACR information to the host. The user information indicates under which one of the N user ACRs the user has the right to access the OTP to be generated. The host invokes an OTP application in FSE 1102 by supplying the application ID, thereby also selecting the communication pipe corresponding to the application, and forwards the user ACR information to the SSM system (arrow 1140). The encrypted seed and user ACR information are then forwarded through the communication pipe to the selected application (arrow 1142). The invoked application sends a request to the SSM system to decrypt the seed using the private key of the IDO (arrow 1144). The SSM system decrypts the seed and sends a notice to the application that the decryption has been completed (arrow 1146). The invoked application then requests that a secure data object be created and that the seed be stored in it. It also requests that the SDO be associated with the ID of the OTP application (which may be the same application that is making the request) for generating the one-time password (arrow 1148). The SSM system creates one of the SDOs 1114, stores the seed inside it, associates the SDO with the ID of the OTP application, and sends a notice to the application when this is completed (arrow 1150). The application then requests the SSM system to delegate the access rights of the internal ACR 1103 for accessing the SDO 1114 to the appropriate user ACR, based on the user information supplied by the host (arrow 1152). After the delegation has been completed, the SSM system notifies the application (arrow 1154). The application then sends the name of the SDO (slot ID) through the communication pipe to the SSM system by means of a callback function (arrow 1156). The SSM system then forwards it to the host (arrow 1158). The host then binds the name of the SDO to the user ACR, so that the user can now access the SDO.

[0456] The process of OTP generation will now be described with reference to the protocol diagram in FIG. 44. To obtain the one-time password, the user logs in to the user ACR to which it has access rights (arrow 1172). Assuming that the authentication is successful, the SSM system notifies the host and the host sends a "get SDO" command to the SSM (arrows 1174, 1176). As noted above, the SDO storing the seed has been associated with an application for generating the OTP. Therefore, instead of selecting the application through the communication pipe as before, the OTP generation application is invoked by means of the association between the SDO accessed by the command in arrow 1176 and the OTP generation application (arrow 1178). The OTP generation application then requests the SSM system to read the content (that is, the seed) from the SDO (arrow 1180). Preferably, the SSM is not aware of the information contained in the content of the SDO, and simply processes the data in the SDO as instructed by the FSE. If the seed is encrypted, this may involve decrypting the seed before reading, as commanded by the FSE. The SSM system reads the seed from the SDO and provides it to the OTP generation application (arrow 1182). The OTP generation application then generates the OTP and provides it to the SSM system (arrow 1184). The OTP is then forwarded by the SSM to the host (arrow 1186), which in turn forwards the OTP to the authentication server 1052 to complete the two-factor authentication process.
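The access-triggered OTP generation described above, modelled as an added example (this is not code from the patent): a host "get SDO" command under a delegated user ACR invokes the application associated with the SDO, and only the resulting OTP crosses to the host. The class and method names, the ACR and slot labels, and the choice of HOTP (RFC 4226) as the OTP algorithm are assumptions, since the text names no algorithm.

```python
import hashlib
import hmac


def hotp(seed: bytes, counter: int, digits: int = 6) -> str:
    """HOTP per RFC 4226 (assumed algorithm; the page does not specify one)."""
    mac = hmac.new(seed, counter.to_bytes(8, "big"), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % 10**digits).zfill(digits)


class AccessDenied(Exception):
    pass


class SSM:
    """Hypothetical model of the SSM system: it owns the SDOs and enforces ACR rights."""

    def __init__(self):
        self._sdos = {}      # SDO name -> {"content", "app_id", "user_acrs"}
        self._apps = {}      # application ID -> device-internal application (FSE)
        self.host_log = []   # everything that was returned to the host

    def register_app(self, app_id, app):
        self._apps[app_id] = app

    # Provisioning side (arrows 1148-1154): create the SDO, link it to the
    # OTP application ID, then delegate access to the right user ACR.
    def create_sdo(self, name, content, app_id):
        self._sdos[name] = {"content": content, "app_id": app_id, "user_acrs": set()}

    def delegate(self, name, user_acr):
        self._sdos[name]["user_acrs"].add(user_acr)

    # Internal read (arrows 1180-1182): only the application linked to the
    # SDO may read it; the SSM treats the content as opaque bytes.
    def read_for_app(self, name, app_id):
        sdo = self._sdos[name]
        if sdo["app_id"] != app_id:
            raise AccessDenied("application is not associated with this SDO")
        return sdo["content"]

    # Host command "get SDO" (arrow 1176), issued under an already
    # authenticated user ACR. The association invokes the application
    # (arrow 1178); the host receives the application's result, never the SDO.
    def get_sdo(self, user_acr, name):
        sdo = self._sdos.get(name)
        if sdo is None or user_acr not in sdo["user_acrs"]:
            raise AccessDenied("ACR has no delegated right to this SDO")
        result = self._apps[sdo["app_id"]].run(self, name)
        self.host_log.append(result)   # arrows 1184-1186
        return result


class OtpApp:
    """Hypothetical device-internal OTP application living in the FSE."""

    def __init__(self, app_id):
        self.app_id = app_id
        self._counters = {}            # per-SDO moving factor kept by the app

    def run(self, ssm, sdo_name):
        seed = ssm.read_for_app(sdo_name, self.app_id)
        counter = self._counters.get(sdo_name, 0)
        self._counters[sdo_name] = counter + 1
        return hotp(seed, counter)


if __name__ == "__main__":
    ssm, app = SSM(), OtpApp("otp-app-1")
    ssm.register_app(app.app_id, app)
    # Constructed sample: the RFC 4226 test secret stands in for a provisioned seed.
    ssm.create_sdo("slot-1", b"12345678901234567890", app.app_id)
    ssm.delegate("slot-1", "user-ACR-1")
    print(ssm.get_sdo("user-ACR-1", "slot-1"), ssm.get_sdo("user-ACR-1", "slot-1"))
    try:
        ssm.get_sdo("user-ACR-2", "slot-1")
    except AccessDenied as exc:
        print("denied:", exc)
```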

[0457] Callback Function

[0458] A generic callback function is established between the SSM core 1004 and the SAMM 1008 of FIG. 40A. Different device internal applications and communication pipes may be registered with this function. Thus, when a device internal application is invoked, the application can use this callback function to pass data, after processing, to the SSM system through the same communication pipe that was used to pass the host command to the application.

[0459] DRM System Embodiment

[0460] FIG. 45 is a functional block diagram illustrating a DRM system that employs communication pipe 1104', CEKs 1114' with links 1108' to FSE applications 1102', and control structures 1101', 1103', 1106' for controlling the functions that implement DRM. As will be noted, the architecture in FIG. 45 is quite similar to that of FIG. 42, except that the security data structure now includes license server ACRs 1106' and playback ACRs 1110' in place of the authentication server ACRs and user ACRs, and CEKs 1114' in place of the SDOs. In addition, the IDO is not involved and is therefore omitted from FIG. 45. The CEKs 1114' may be created in the license provisioning process. The protocol diagram of FIG. 46 illustrates a process for license provisioning and content download, in which the key is provided in the license object. As in the OTP embodiment, a user wishing to acquire a license will first need to acquire access rights under one of the N ACRs 1106' as well as under one of the N ACRs 1110', so that the content can be rendered by means of a media player, such as a media player software application.

[0461] As shown in FIG. 46, the host authenticates to a license server ACR 1106' (arrow 1202). Assuming that the authentication is successful (arrow 1204), the license server provides a license file together with a CEK (key ID and key value) to the host. The host also selects the application to be invoked by supplying the application ID to the SSM system on the card. The host also sends player information (for example, information on a media player software application) (arrow 1206). The player information indicates under which one of the N playback ACRs 1110' the player has access rights. The SSM system forwards the license file and the CEK to the DRM application through the communication pipe corresponding to the selected application (arrow 1208). The invoked application then requests the SSM system to write the license file to the hidden partition (arrow 1210). When the license file has been so written, the SSM system notifies the application (arrow 1212). The DRM application then requests that a CEK object 1114' be created and that the key value from the license file be stored in it. The DRM application also requests that the CEK object be associated with the ID of a DRM application that checks licenses associated with the key provided (arrow 1214). The SSM system completes these tasks and so notifies the application (arrow 1216). The application then requests that read access rights to the CEK 1114' be delegated to the playback ACR under which the player is permitted to access the content, based on the player information sent by the host (arrow 1218). The SSM system performs the delegation and so notifies the application (arrow 1220). The application sends a message through the communication pipe to the SSM system that the storage of the license has been completed, and the SSM system forwards it to the license server (arrows 1222 and 1224). A callback function is used for this action through the communication pipe. Upon receiving this notification, the license server then provides the content file, encrypted with the key value in the CEK provided to the card. The encrypted content is stored by the host in the public card area. Storing the encrypted content file does not involve security functions, so the SSM system is not involved in the storing.

[0462] The playback operation is illustrated in FIG. 47. The user authenticates, through the host, to the appropriate playback ACR (that is, the playback ACR to which the read right was delegated in arrows 1152 and 1154 above) (arrow 1242). Assuming that the authentication is successful (arrow 1244), the user then sends a request to read the content associated with the key ID (arrow 1246). Upon receiving the request, the SSM system finds that a DRM application ID is associated with the CEK object being accessed, and therefore causes the identified DRM application to be invoked (arrow 1248). The DRM application requests the SSM system to read the data (that is, the license) associated with the key ID (arrow 1250). The SSM is not aware of the information in the data it is requested to read, and simply processes the request from the FSE to carry out the data reading process. The SSM system reads the data (that is, the license) from the hidden partition and provides the data to the DRM application (arrow 1252). The DRM application then interprets the data and checks the license information in it to see whether the license is valid. If the license is still valid, the DRM application informs the SSM system that content decryption is approved (arrow 1254). The SSM system then decrypts the requested content using the key value in the CEK object and supplies the decrypted content to the host for playback (arrow 1256). If the license is no longer valid, the request for content access is denied.

[0463] Where no key is provided in the license file from the license server, license provisioning and content download differ somewhat from those illustrated in FIG. 46. This different scheme is illustrated in the protocol diagram of FIG. 48. Identical steps in FIGS. 46 and 48 are identified by the same numerals. Thus, the host and the SSM system first engage in authentication (arrows 1202, 1204). The license server provides the license file and a key ID (without a key value) to the host, and the host forwards these to the SSM system together with the application ID of the DRM application it wishes to invoke. The host also sends player information (arrow 1206'). The SSM system then forwards the license file and key ID to the selected DRM application through the communication pipe corresponding to the selected application (arrow 1208). The DRM application requests that the license file be written to the hidden partition (arrow 1210). When the license file has been so written, the SSM system notifies the DRM application (arrow 1212). The DRM application then requests the SSM system to generate a key value, create a CEK object, store the key value in it and associate the CEK object with the ID of a DRM application (arrow 1214'). After the request has been complied with, the SSM system sends a notice to the DRM application (arrow 1216). The DRM application then requests the SSM system to delegate read access rights to the CEK object to the playback ACR, based on the player information from the host (arrow 1218). When this is completed, the SSM system so notifies the DRM application (arrow 1220). The DRM application then notifies the SSM system that the license has been stored, the notice being sent through the communication pipe by means of a callback function (arrow 1222). This notice is forwarded by the SSM system to the license server (arrow 1224). The license server then sends the content file associated with the key ID to the SSM system (arrow 1226). The SSM system encrypts the content file with the key value identified by the key ID, without involving any application. The content so encrypted and stored on the card can be played back using the protocol of FIG. 47.

[0464] In the OTP and DRM embodiments above, the FSEs 1102 and 1102' may contain many different OTP and DRM applications for host devices to select from. The user has the choice of selecting and invoking the desired device internal application. Nevertheless, the overall relationship between the SSM module and the FSE remains the same, so that users and data providers can use a standard set of protocols to interact with the SSM module and to invoke the FSE. Users and providers do not have to become involved in the particularities of the many different device internal applications, some of which may be proprietary.

[0465] Furthermore, the provisioning protocols may differ somewhat, as is the case in FIGS. 46 and 48. The license object contains a key value in the case of FIG. 46, but no key value in the case of FIG. 48. This difference calls for slightly different protocols, as illustrated above. The playback in FIG. 47, however, is the same irrespective of how the license was provisioned. Hence, this difference matters only to content providers and distributors, and typically not to consumers, who are typically involved only in the playback phase. This architecture therefore gives content providers and distributors great flexibility to customize protocols while remaining easy for consumers to use. Obviously, information derived from data provisioned by more than two sets of provisioning protocols may still be accessible using the second protocol.

[0466] Another advantage of the embodiments above is that, while external entities such as users and device internal applications can share the use of data controlled by the security data structure, the user is only able to access the results derived by the device internal applications from the stored data. Thus, in the OTP embodiment, the user, through the host device, is only able to obtain the OTP and not the seed value. In the DRM embodiment, the user, through the host device, is only able to obtain the rendered content and not access to the license file or the cryptographic key. This feature offers consumers convenience without compromising security.

[0467] In one DRM embodiment, neither the device internal applications nor the host has access to the cryptographic keys; only the security data structure has such access. In other embodiments, entities other than the security data structure can also access the cryptographic keys. The keys can also be generated by means of the device internal applications and then controlled by the security data structure.

[0468] Access to the device internal applications and to information (for example, the OTP and the rendered content) is controlled by the same security data structure. This reduces the complexity and cost of the control systems.

[0469] By providing the ability to delegate access rights from the internal ACR, which controls access to the device internal applications, to an ACR that controls the host's access to the information obtained from invoking the device internal applications, this feature makes it possible to achieve the features and functions above.

[0470] Application-Specific Revocation Scheme

[0471] When a device internal application is invoked, the access control protocol of the security data structure can also be modified. For example, the certificate revocation protocol may be either a standard protocol using a CRL or a proprietary protocol. Hence, by invoking an FSE, the standard CRL revocation protocol can be replaced by an FSE proprietary protocol.

[0472] In addition to supporting the CRL revocation scheme, the SSA enables a specific internal application residing in the device to call the host through a private communication channel between the device internal application and the CA or any other revocation authority. The internal application proprietary revocation scheme is bounded within the host-application relationship.

[0473] When an application-specific revocation scheme is configured, the SSA system will reject the CRL (if one is provided); otherwise it will use the certificate and the proprietary application data (previously provided through the application-specific communication pipe) to decide whether the given certificate is revoked.

[0474] As noted above, an ACR specifies which of three revocation schemes (no revocation scheme, the standard CRL scheme and the application-specific revocation scheme) is adopted by specifying a revocation value. When the application-specific revocation scheme option is chosen, the ACR will also specify an ID for the internal application in charge of the revocation scheme, and the value in the CET/APP_ID field will correspond to the ID of the internal application in charge of the revocation scheme. When authenticating the device, the SSA system will then adhere to the proprietary scheme of the internal application.

[0475] Instead of replacing one set of protocols with another, the invocation of a device internal application may impose additional access conditions on the access control already exerted by the SSA. For example, the right to access a key value in a CEK can be further scrutinized by an FSE. After the SSA system determines that an ACR has access rights to a key value, the FSE will be consulted before access is granted. This feature gives the content owner great flexibility in controlling access to the content.

[0476] While the invention has been described above with reference to various embodiments, it will be understood that changes and modifications may be made without departing from the scope of the invention, which is to be defined only by the appended claims and their equivalents.

Claims (20)

1. A method for authenticating an entity by a storage device, the method comprising: performing, by a storage device in communication with an entity, the following steps: receiving a plurality of certificates from the entity for authenticating the entity to the storage device, the plurality of certificates being ordered and received from the entity in that order; verifying the plurality of certificates in the order in which they are received, wherein the first of the plurality of certificates is verified against a root certificate; detecting whether the last of the plurality of certificates has been verified; and if the last of the plurality of certificates has been verified, using the last of the plurality of certificates to authenticate the entity to the storage device.
2. The method of claim 1, wherein the last of the plurality of certificates is received in a message containing an indication that it is the last certificate, and wherein the detecting is performed by checking the indication.
3. The method of claim 1, wherein the entity and the storage device are removably connected to each other.
4. The method of claim 1, further comprising, after each certificate is received, except after the last certificate is received, sending to the entity a request for the certificate that follows that certificate in the plurality of certificates.
5. The method of claim 4, further comprising receiving the next certificate from the entity in response to each request.
6. The method of claim 1, wherein the entity comprises a host device, the host device being removably connected to the storage device.
7. The method of claim 1, wherein the storage device comprises a memory card.
8. The method of claim 1, further comprising storing the plurality of certificates, except for the first of the plurality of certificates, in the storage device one at a time by overwriting the previously stored certificate.
9. The method of claim 8, further comprising allocating in the storage device memory space just sufficient to store the largest one of the plurality of certificates.
10. The method of claim 1, wherein the entity is a host device in communication with the storage device.
11. The method of claim 1, wherein, starting from the second certificate, each certificate is verified against the certificate received immediately before it.
12. A storage device comprising: a memory storing a root certificate; and a controller in communication with the memory and operable to: receive a plurality of certificates from an entity for authenticating the entity to the storage device, the plurality of certificates being ordered and received from the entity in that order; verify the plurality of certificates in the order in which they are received, wherein the first of the plurality of certificates is verified against the root certificate stored in the memory; detect whether the last of the plurality of certificates has been verified; and if the last of the plurality of certificates has been verified, use the last of the plurality of certificates to authenticate the entity to the storage device.
13. The storage device of claim 12, wherein the last of the plurality of certificates is received in a message containing an indication that it is the last certificate, and wherein the controller is operable to detect whether the last of the plurality of certificates has been verified by checking the indication.
14. The storage device of claim 12, wherein the entity and the storage device are removably connected to each other.
15. The storage device of claim 12, wherein, except after the last certificate is received, the controller is further operable, after each certificate is received, to send to the entity a request for the certificate that follows that certificate in the plurality of certificates.
16. The storage device of claim 15, wherein the controller is further operable to receive the next certificate from the entity in response to each request.
17. The storage device of claim 12, wherein the entity comprises a host device, and wherein the host device is removably connected to the storage device.
18. The storage device of claim 17, wherein the storage device comprises a memory card.
19. The storage device of claim 12, wherein, except for the first of the plurality of certificates, the controller is further operable to store each of the plurality of certificates in the memory one at a time by overwriting the previously stored certificate.
20. The storage device of claim 19, further comprising allocating in the storage device memory space just sufficient to store the largest one of the plurality of certificates.
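The sequential check recited in claims 1, 2, 8, 9 and 11, sketched as an added example (not code from the patent): certificates arrive root-side first, each is verified against the one held in a single buffer, and the buffer is then overwritten. Assumptions: certificates are JSON records rather than X.509, the signature is toy textbook RSA over Mersenne primes standing in for a real scheme, all names (`StorageDevice`, `receive`, `SEND_NEXT` and so on) are hypothetical, and the closing challenge-response is one assumed way of using the last certificate.

```python
import hashlib
import json

E = 65537  # public exponent shared by all toy keys


def make_key(p_exp, q_exp):
    """Toy RSA key from two Mersenne primes 2**k - 1 (constructed; insecure)."""
    p, q = 2**p_exp - 1, 2**q_exp - 1
    return {"n": p * q, "e": E, "d": pow(E, -1, (p - 1) * (q - 1))}


def public(key):
    return {"n": key["n"], "e": key["e"]}


def _digest(msg, n):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n


def sign(key, msg):
    return pow(_digest(msg, key["n"]), key["d"], key["n"])


def verify(pub, msg, sig):
    return pow(sig, pub["e"], pub["n"]) == _digest(msg, pub["n"])


def _signed_part(subject, pub):
    body = {"subject": subject, "n": pub["n"], "e": pub["e"]}
    return json.dumps(body, sort_keys=True).encode()


def issue(issuer_key, subject, subject_key):
    """Serialize a toy certificate (JSON, not X.509) signed by issuer_key."""
    pub = public(subject_key)
    cert = dict(pub, subject=subject, sig=sign(issuer_key, _signed_part(subject, pub)))
    return json.dumps(cert, sort_keys=True).encode()


class StorageDevice:
    def __init__(self, root_pub, slot_size):
        self.root_pub = root_pub
        self.slot = bytearray(slot_size)  # single buffer, sized for the largest cert
        self.used = 0                     # bytes of the slot holding a verified cert
        self.entity_pub = None            # set once the last cert has been verified
        self.failed = False

    def _issuer_pub(self):
        if self.used == 0:                # first certificate: check against the root
            return self.root_pub
        prev = json.loads(bytes(self.slot[:self.used]))
        return {"n": prev["n"], "e": prev["e"]}

    def receive(self, cert_bytes, is_last):
        """Verify one certificate in arrival order; is_last is the sender's flag."""
        if self.failed or self.entity_pub or len(cert_bytes) > len(self.slot):
            return self._reject()
        try:
            cert = json.loads(cert_bytes)
            pub = {"n": int(cert["n"]), "e": int(cert["e"])}
            signed = _signed_part(cert["subject"], pub)
            ok = verify(self._issuer_pub(), signed, int(cert["sig"]))
        except (ValueError, KeyError, TypeError, ArithmeticError):
            ok = False
        if not ok:
            return self._reject()
        self.slot[:len(cert_bytes)] = cert_bytes  # overwrite the previous certificate
        self.used = len(cert_bytes)
        if is_last:
            self.entity_pub = pub
            return "CHAIN_OK"
        return "SEND_NEXT"                # ask the entity for the next certificate

    def _reject(self):
        self.failed, self.entity_pub, self.used = True, None, 0
        return "REJECT"

    def authenticate(self, nonce, signature):
        """Assumed final step: challenge-response against the last certificate's key."""
        return self.entity_pub is not None and verify(self.entity_pub, nonce, signature)


if __name__ == "__main__":
    # Constructed sample chain: root -> intermediate CA -> host.
    root, ca, host = make_key(61, 89), make_key(107, 127), make_key(521, 607)
    chain = [issue(root, "intermediate CA", ca), issue(ca, "host", host)]
    card = StorageDevice(public(root), max(len(c) for c in chain))
    for i, c in enumerate(chain):
        print(len(c), "bytes ->", card.receive(c, is_last=(i == len(chain) - 1)))
    nonce = b"constructed-challenge"
    print("authenticated:", card.authenticate(nonce, sign(host, nonce)))
```

Because only the previously verified certificate is kept, a chain sent in any other order fails at the first certificate that was not issued by the holder of the buffered key.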
CN 200780025848 2006-07-07 2007-06-28 Content control system and method using certificate chains CN101490689B (en)

Priority Applications (7)

Application Number Priority Date Filing Date Title
US81950706P 2006-07-07 2006-07-07
US60/819,507 2006-07-07
US11/557,010 2006-11-06
US11/557,028 2006-11-06
US11/557,028 US8140843B2 (en) 2006-07-07 2006-11-06 Content control method using certificate chains
US11/557,010 US20080010449A1 (en) 2006-07-07 2006-11-06 Content Control System Using Certificate Chains
PCT/US2007/015304 WO2008013656A2 (en) 2006-07-07 2007-06-28 Content control system and method using certificate chains

Publications (2)

Publication Number Publication Date
CN101490689A CN101490689A (en) 2009-07-22
CN101490689B true CN101490689B (en) 2012-05-16



Family Applications (5)

Application Number Title Priority Date Filing Date
CN 200780025287 CN101484903B (en) 2006-07-07 2007-06-28 System and method for controlling information supplied from memory device
CN 200780025785 CN101490688A (en) 2006-07-07 2007-06-28 Content control system and method using certificate revocation lists
CN 200780025736 CN101484904A (en) 2006-07-07 2007-06-28 Content control system and method using versatile control structure
CN 200780025765 CN101490687B (en) 2006-07-07 2007-06-28 Control system and method using identity objects
CN 200780025848 CN101490689B (en) 2006-07-07 2007-06-28 Content control system and method using certificate chains


Country Status (1)

Country Link
CN (5) CN101484903B (en)


Also Published As

Publication number Publication date
CN101490687B (en) 2012-04-18
CN101484904A (en) 2009-07-15
CN101490688A (en) 2009-07-22
CN101484903A (en) 2009-07-15
CN101484903B (en) 2013-09-25
CN101490689A (en) 2009-07-22
CN101490687A (en) 2009-07-22


Legal Events

Date Code Title Description
C06 Publication
C10 Entry into substantive examination
C14 Grant of patent or utility model
C41 Transfer of patent application or patent right or utility model
ASS Succession or assignment of patent right



Effective date: 20121218

C56 Change in the name or address of the patentee